Hi Experts,
We have a custom job, LDAPDisableUsersOnlyJob, that we used to sync the user status from LDAP: if the user is disabled in LDAP, the job will disable the same user in the docbase.
Here is the code snippet of the method (for the above job):
===========================================================================================
if (user_state.equals("0") && user_login_domain.equals(ldap_name) && (user_source.equals("LDAP"))) {
    trace("Check validity of DN for user " + user_name);
    trace(" dn is : " + user_ldap_dn);
    // user is activated and has a user_ldap_dn, must be verified
    String search_string = user_ldap_dn.substring(0, user_ldap_dn.indexOf(","));
    // added a filter to select only active users (disabled=false)
    search_string = "(&(" + search_string + ")(disabled=false))";
    trace(" search string is : " + search_string);
    //ldap.setSearchString("uid="+"<uid_of_user>");
    ldap.setSearchString(search_string);
    ldap.traceParameters();
    ArrayList result = ldap.search();
    if (result == null) {
        trace("result null : LDAP cannot give result back ");
    }
    else if (result.isEmpty()) {
        trace("User " + user_name + " with dn " + user_ldap_dn + " does not exists in LDAP.");
        trace("User " + user_name + " with dn " + user_ldap_dn + " does not exists in LDAP must be Disabled.");
        IDfUser current_user = (IDfUser) session.getObject(new DfId(id));
        // set user as inactive
        current_user.setInt("user_state", 1);
        current_user.save();
        trace("User " + user_name + " with dn " + user_ldap_dn + " is now disabled.");
        disabled++;
    }
    else {
        trace("User " + user_name + " with dn " + user_ldap_dn + " is valid in LDAP.");
        leave_active++;
    }
}
else {
    trace("User " + user_name + " is already disabled or is not configured with LDAP Authentication");
}
========================================================================================
We are using this code for all users in a loop.
Earlier it was working fine, but for the past few days I have been getting the following in the log file:
========================================================================================
2016-07-15 11:04:10 CEST: search(): begin ...
2016-07-15 11:04:10 CEST: setupSSL(): begin:
2016-07-15 11:04:10 CEST: setupSSL(): setting system propery "javax.net.ssl.trustStore" to ldapCertDB=(/export/home/dmadmin/shared/java/1.6.0_27/jre/lib/security/cacerts)
2016-07-15 11:04:10 CEST: setupSSL(): setting system propery "javax.net.ssl.trustStorePassword" to ldapCertDBPassword=(*****************)
2016-07-15 11:04:10 CEST: setupSSL(): end:
2016-07-15 11:04:10 CEST: search(): LDAPConnection successfully created ...
2016-07-15 11:04:10 CEST: search(): successfully connected to LDAP server host: ldap-cad-cch.com at port: 636 ...
2016-07-15 11:04:10 CEST: error result
2016-07-15 11:04:10 CEST: netscape.ldap.LDAPException: error result (49)
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1844)
at netscape.ldap.LDAPConnection.search(LDAPConnection.java:2499)
at netscape.ldap.LDAPConnection.search(LDAPConnection.java:2402)
at LDAPSearch.search(LDAPSearch.java:295)
at LDAPDisableUsersOnlyMethod.execute(LDAPDisableUsersOnlyMethod.java:387)
at com.documentum.mthdservlet.DmMethodRunner.runIt(Unknown Source)
at com.documentum.mthdservlet.AMethodRunner.runAndReturnStatus(Unknown Source)
at com.documentum.mthdservlet.DoMethod.invokeMethod(Unknown Source)
at com.documentum.mthdservlet.DoMethod.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
2016-07-15 11:04:10 CEST: search(): successfully disconnected from LDAP server ...
2016-07-15 11:04:10 CEST: result null : LDAP cannot give result back
2016-07-15 11:04:10 CEST: *************************************************************************
========================================================================================
I checked the LDAP config object; it is fine with all details, and I am able to run the search from the command line.
Can you please help me fix this issue?
Thanks in advance!
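
An added example, not part of the original post or the job's own code: the snippet above builds its filter from everything before the first comma of user_ldap_dn, which mis-splits a DN whose first RDN contains an escaped comma and leaves parentheses or asterisks unescaped, and because the job disables an account when the search returns nothing, a filter that cannot match is a risk. This sketch parses the DN with the JDK's javax.naming.ldap.LdapName and escapes the value per RFC 4515, rejecting DNs it cannot handle instead of searching with them. The class name, method names and sample DNs are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ActiveUserFilter {

    // RFC 4515 escaping for a value placed inside a search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds (&(<type>=<escaped value>)(disabled=false)) from the leftmost RDN.
    // Throws instead of returning a filter when the DN cannot be handled, so the
    // caller can skip the user rather than disable it on an empty result.
    static String buildFilter(String userLdapDn) throws InvalidNameException {
        LdapName dn = new LdapName(userLdapDn);      // throws on a malformed DN
        if (dn.isEmpty()) throw new InvalidNameException("empty DN");
        Rdn leaf = dn.getRdn(dn.size() - 1);         // LdapName indexes from the right
        if (leaf.size() != 1) throw new InvalidNameException("multi-valued RDN");
        Object value = leaf.getValue();              // DN escaping already removed
        if (!(value instanceof String)) throw new InvalidNameException("binary RDN value");
        return "(&(" + leaf.getType() + "=" + escapeFilterValue((String) value)
                + ")(disabled=false))";
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs, not taken from the post.
        String[] samples = {
            "uid=jdoe,ou=people,dc=example,dc=com",
            "cn=Doe\\, John (Contractor),ou=people,dc=example,dc=com"
        };
        for (String dn : samples) {
            System.out.println(buildFilter(dn));
        }
    }
}
```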