Group Circular RelationShip on Active Directory is Preventing to Access Analytics URL
(Doc ID 2832953.1)
Last updated on DECEMBER 16, 2023
Applies to:
Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
Symptoms
On production, some users can't log in to the Analytics URL, causing hogging threads on WLS bi_server1.
Two authentication providers were defined in the config/config.xml file: the embedded LDAP and an external Active Directory. However, the issue is more related to the AD, where most of the users/groups were defined.
The issue appeared suddenly and consistently affected a set of users.
The customer was asked to provide a set of 3 thread dumps, collected 20 seconds apart on bi_server1 while the problematic users were trying to log in to Analytics. A suspect thread was found:
From this thread the following information was obtained:
- This particular thread was blocking another 23 threads.
- As part of the problem, there would be a recursive call to weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.searchGroupLimited(LDAPAtnLoginModuleImpl.java:556) related to the authentication process when dealing with groups.
- A similar problem was reported some years ago affecting an old version of WLS: WebLogic Managed Server Segmentation Fault and Core Dump Calling searchGroupUnlimited (<Note 1302204.1>)
- Enabling the ATN debug flag should provide more information to isolate the problematic groups.
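The groups can also be isolated from the directory side by looking for cycles in nested group membership. The following is an added example, not part of the Oracle note or of WebLogic's code; the group DNs, the example.com domain and the group-to-member map are constructed, and a real run would build the map from an export of the AD group objects.

```python
from typing import Dict, List

# Constructed sample: group DN -> DNs listed in its `member` attribute.
SAMPLE_GROUPS: Dict[str, List[str]] = {
    "CN=BI-Authors,OU=Groups,DC=example,DC=com": [
        "CN=BI-Consumers,OU=Groups,DC=example,DC=com",
        "CN=alice,OU=Users,DC=example,DC=com",
    ],
    "CN=BI-Consumers,OU=Groups,DC=example,DC=com": [
        "CN=BI-Admins,OU=Groups,DC=example,DC=com",
    ],
    "CN=BI-Admins,OU=Groups,DC=example,DC=com": [
        "CN=BI-Authors,OU=Groups,DC=example,DC=com",  # closes the loop
    ],
    "CN=Finance,OU=Groups,DC=example,DC=com": [
        "CN=bob,OU=Users,DC=example,DC=com",
    ],
}

def find_group_cycles(groups: Dict[str, List[str]]) -> List[List[str]]:
    """Return each circular nesting chain found, as a list of group DNs."""
    # AD compares DNs case-insensitively, so normalise before matching.
    graph = {g.lower(): [m.lower() for m in ms] for g, ms in groups.items()}
    UNSEEN, ON_PATH, DONE = 0, 1, 2
    state = {g: UNSEEN for g in graph}
    cycles: List[List[str]] = []
    for start in graph:
        if state[start] != UNSEEN:
            continue
        # Iterative depth-first walk: deep nesting cannot exhaust the stack.
        path, pending = [start], [iter(graph[start])]
        state[start] = ON_PATH
        while path:
            for member in pending[-1]:
                if member not in graph:        # a user, not a nested group
                    continue
                if state[member] == ON_PATH:   # back edge: circular nesting
                    cycles.append(path[path.index(member):])
                elif state[member] == UNSEEN:
                    state[member] = ON_PATH
                    path.append(member)
                    pending.append(iter(graph[member]))
                    break                      # descend into nested group
            else:                              # all members examined
                state[path.pop()] = DONE
                pending.pop()
    return cycles

if __name__ == "__main__":
    for chain in find_group_cycles(SAMPLE_GROUPS):
        print(" -> ".join(chain + chain[:1]))
```

Breaking any one membership link in a reported chain removes the circular relationship.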
Changes
No changes were reported from the WLS perspective.
Cause