OES11g - PIP Is Not Able To Handle Ldap Connection Timeout showing Connection reset/closed

(Doc ID 2116484.1)

Last updated on APRIL 28, 2017

Applies to:

Oracle Entitlements Server - Version 11.1.2.2.0 to 11.1.2.3.0 [Release 11g]
Information in this document applies to any platform.

Goal

The LDAP load balancer resets LDAP connections each hour. If there is no activity for over one hour, the next OES PIP LDAP query fails with a "socket closed" exception, and the OES PDP returns a "DENY" because of the LDAP query failure.

Mar 03, 2016 4:43:15 AM com.bea.security.providers.authorization.asi.ARME.evaluator.LdapAttributeRetrieverImpl getAttributeValue
WARNING: Exception from the LDAP/DB server, code: hostname.example.com:1890; socket closed, trying alternate connection
Mar 03, 2016 4:43:15 AM com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator getOrComputeVariable
SEVERE: Error happens: failed to compute credential variable 'test'

In some cases this error has been observed only on the first occurrence, when starting to retrieve the LDAP attribute, as a "Connection reset" exception:

Apr 27, 2017 1:42:37 PM com.bea.security.providers.authorization.asi.ARME.evaluator.LdapAttributeRetrieverImpl getAttributeValue
FINE: Attribute memberOf not found in cache, need to retrieve it
Apr 27, 2017 1:42:37 PM com.bea.security.providers.authorization.asi.ARME.ootbretrievers.OOTBAttributeRetriever isPrimaryConnectionActive
FINE: Subject connector to com.bea.security.providers.authorization.asi.ARME.ootbretrievers.LDAPAttributeRetriever@7c9e6499 reactivated
Apr 27, 2017 1:42:37 PM com.bea.security.providers.authorization.asi.ARME.evaluator.LdapAttributeRetrieverImpl getAttributeValue
WARNING: Exception from the LDAP/DB server, code: Connection reset, trying alternate connection
Apr 27, 2017 1:42:37 PM com.bea.security.providers.authorization.asi.ARME.evaluator.LdapAttributeRetrieverImpl getAttributeValue
SEVERE: Got exception
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'DC=example,DC=com'
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2004)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1848)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1773)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
..............
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.net.ManagedSocketInputStreamAPSIHighPerformanceNew.read(ManagedSocketInputStreamAPSIHighPerformanceNew.java:98)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
..............
Apr 27, 2017 1:42:37 PM com.bea.security.providers.authorization.asi.ARME.evaluator.MasterEvaluationFunction evaluate
FINE: com.bea.security.providers.authorization.asi.ARME.exceptions.ArmeRuntimeException: Connection reset
at com.bea.security.providers.authorization.asi.ARME.evaluator.LdapAttributeRetrieverImpl.getAttributeValue(LdapAttributeRetrieverImpl.java:181)
at com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator.getOrComputeVariable(BoolEvaluator.java:1208)
................................
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
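
One way to confirm this pattern in PDP logs, as an added example (not Oracle's code and not the fix from this note): it parses the two-line log layout shown above and flags LDAP connection errors that follow a quiet period of an hour or more, listing the policy variables that failed with them. The sample log, function names and the 2-second correlation window are constructed assumptions; the 3600-second threshold reflects the hourly reset described in the Goal.

```python
import re
from datetime import datetime

# Constructed sample in the two-line java.util.logging layout of the excerpts above.
PKG = "com.bea.security.providers.authorization.asi.ARME.evaluator."
SAMPLE_LOG = f"""\
Mar 03, 2016 3:40:02 AM {PKG}LdapAttributeRetrieverImpl getAttributeValue
FINE: Attribute memberOf not found in cache, need to retrieve it
Mar 03, 2016 4:43:15 AM {PKG}LdapAttributeRetrieverImpl getAttributeValue
WARNING: Exception from the LDAP/DB server, code: hostname.example.com:1890; socket closed, trying alternate connection
Mar 03, 2016 4:43:15 AM {PKG}BoolEvaluator getOrComputeVariable
SEVERE: Error happens: failed to compute credential variable 'test'
Mar 03, 2016 4:50:00 AM {PKG}LdapAttributeRetrieverImpl getAttributeValue
WARNING: Exception from the LDAP/DB server, code: Connection reset, trying alternate connection
"""
HEADER = re.compile(r"^(\w{3} \d{2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?:\S+\.)?([\w$]+) \S+$")
ENTRY = re.compile(r"^(SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): (.*)$")
LDAP_FAIL = re.compile(r"Exception from the LDAP/DB server, code: .*?(socket closed|Connection reset)")
VAR_FAIL = re.compile(r"failed to compute credential variable '([^']*)'")

def parse_records(text):
    """Pair each timestamp/class header line with the level/message line after it."""
    records, header = [], None
    for line in text.splitlines():
        if h := HEADER.match(line):
            header = (datetime.strptime(h.group(1), "%b %d, %Y %I:%M:%S %p"), h.group(2))
        elif header and (e := ENTRY.match(line)):
            records.append({"ts": header[0], "cls": header[1], "level": e.group(1), "msg": e.group(2)})
            header = None  # stack-trace lines that follow are ignored
    return records

def find_idle_reset_failures(records, idle_threshold_s=3600, window_s=2):
    """Flag LDAP connection errors after a long quiet period, with the variables that failed."""
    findings, prev_ts, cur_ts = [], None, None
    for i, r in enumerate(records):
        if r["cls"] != "LdapAttributeRetrieverImpl":
            continue
        if r["ts"] != cur_ts:  # same-second entries count as one retrieval attempt
            prev_ts, cur_ts = cur_ts, r["ts"]
        m = LDAP_FAIL.search(r["msg"])
        if m and r["level"] == "WARNING":
            idle = (cur_ts - prev_ts).total_seconds() if prev_ts else None
            failed = [v.group(1) for n in records[i + 1:] if n["level"] == "SEVERE"
                      and (n["ts"] - r["ts"]).total_seconds() <= window_s and (v := VAR_FAIL.search(n["msg"]))]
            findings.append({"ts": r["ts"], "error": m.group(1), "idle_s": idle, "failed_vars": failed,
                             "idle_reset_suspected": idle is not None and idle >= idle_threshold_s})
    return findings

if __name__ == "__main__":
    print(*find_idle_reset_failures(parse_records(SAMPLE_LOG)), sep="\n")
```

A finding with `idle_reset_suspected` set and a non-empty `failed_vars` marks a DENY that came from the stale connection rather than from policy, which is worth separating out when reviewing authorization denials.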

 

Solution
