Can’t contact LDAP server
Thomas Hampel
1 June 2012Authenticating Domino users against a remote LDAP is nothing new. Some people have blogged about it or created a presentation already.
Furthermore there are some good articles out there explaining the implementation of AD Authentication, Directory Integration and SPNEGO.
When you're done with the configuration, things may run smooth first, but after a few days authentication may not work any longer.
Restarting the server might help, but only for a short time frame - the reason for that is a bug in the Domino server referenced as SPR# AJMO8NVM8F where Domino seems not to find the remote LDAP server any longer.
Steps to reproduce:
1. Enable the following debug parameters:
Debug_DirectoryAssistence=1
WebAuth_Verbose_Trace=1
LDAPDEBUG=512
2. After some time, Domino may become unable to contact the remote LDAP server
The error message displayed at the console is the following:
LDAP> connect_to_host: EndPoint connect failed: The remote server is not a known TCP/IP host.
LDAP> Unable to chase references (Can't contact LDAP server)
This issue has been documented in LO66491 http://www-304.ibm.com/support/docview.wss?uid=swg1LO66491
It seems the problem still exists in Domino 8.5.3 with FixPack1. so if you run into this problem, open a PMR to get an hotfix.
A temporary workaround is to issue the command "show xdir reload" at the server, which can also run as a scheduled program document every 30min.
It wont fix the issue itself, but will reload directory assistence tables by which the error state will reset back to normal.
Tagged with: Domino