LDAP Queries Fail with 'Address already in use' Error

Symptoms

Confluence is connected to an LDAP server. Users are intermittently served a 'Not Permitted' error page on pages they are allowed to view. The following error appears in the log:

2010-08-10 13:04:18,277 ERROR [http-80-8] [user.impl.ldap.LDAPUserManagerReadOnly] getUser Error retrieving user: 'Husein.Alatas' from LDAP.
 -- url: /display/Test | userName: Husein.Alatas | referer: http://confluence/display/dashboard/Home | action: notpermitted
com.atlassian.user.impl.ldap.repository.LdapConnectionFailedException: javax.naming.CommunicationException: ldap.atlassian.com:389 [Root exception is java.net.BindException: Address already in use: connect]
	at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:93)
	at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:70)
	at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:54)
	at com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.getUser(LDAPUserManagerReadOnly.java:70)
	at com.atlassian.user.impl.delegation.DelegatingUserManager.getUser(DelegatingUserManager.java:68)
	at bucket.user.DefaultUserAccessor.getUser(DefaultUserAccessor.java:146)
...
Caused by: javax.naming.CommunicationException: ldap.atlassian.com:389 [Root exception is java.net.BindException: Address already in use: connect]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
	at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
	at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Connections.java:185)
...
Caused by: java.net.BindException: Address already in use: connect
	at java.net.PlainSocketImpl.socketConnect(Native Method)
...

Diagnosis

Run the following command:

netstat -na

The output may reveal a large number of connections to the LDAP server, here in the TIME_WAIT state:

...
  TCP    10.44.22.27:1660       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1661       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1662       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1663       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1664       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1665       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1666       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1667       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1668       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1669       10.44.22.26:389        TIME_WAIT
...
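
To quantify this pattern instead of reading it by eye, the following added example (not part of the original article) tallies TCP states per remote LDAP endpoint from netstat -na output. The function names, the sample rows and the threshold are assumptions for illustration; choose a threshold that suits your environment.

```python
from collections import Counter

# Constructed sample rows in the layout shown above (Windows), plus one
# Linux-style row to show that both layouts are handled.
SAMPLE = """\
  TCP    10.44.22.27:1660       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1661       10.44.22.26:389        TIME_WAIT
  TCP    10.44.22.27:1662       10.44.22.26:389        ESTABLISHED
  TCP    10.44.22.27:80         10.44.22.90:51515      ESTABLISHED
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  UDP    0.0.0.0:123            *:*
tcp        0      0 10.44.22.27:40112       10.44.22.26:389         TIME_WAIT
"""


def ldap_states(netstat_text, ports=(389,)):
    """Count TCP states per remote endpoint for connections to LDAP ports.

    Expects plain `netstat -na` rows where the last two columns are the
    remote address and the state (no PID/program column).
    """
    counts = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Need protocol, local, remote, state; UDP rows carry no state.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        remote, state = fields[-2], fields[-1]
        port = remote.rpartition(":")[2]  # also works for IPv6 forms
        if not port.isdigit() or int(port) not in ports:
            continue
        counts.setdefault(remote, Counter())[state] += 1
    return counts


def churning(counts, threshold=1000):
    """Return endpoints whose TIME_WAIT count meets the assumed threshold."""
    return sorted(ep for ep, c in counts.items() if c["TIME_WAIT"] >= threshold)


if __name__ == "__main__":
    result = ldap_states(SAMPLE)
    for endpoint, states in result.items():
        print(endpoint, dict(states))
    print("high TIME_WAIT churn:", churning(result, threshold=3))
```

A TIME_WAIT count that keeps climbing towards the size of the host's ephemeral port range, while ESTABLISHED stays low, indicates connections being opened and closed per lookup rather than reused.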

Cause

  1. Another application is already using the same port number (e.g. 389). For instance, a TCP/IP Offload Engine is set up in the environment.
  2. Confluence is not caching LDAP entities, so it opens a lot of connections to the LDAP server every time the information is required. This can occur if caching is disabled in the LDAP configuration.

Resolution

  1. Disable any application that is using the same port number (e.g. 389).
  2. Ensure that LDAP caching is enabled. In atlassian-user.xml, the cache parameter must be set to true:

    <ldap key="ldapRepository" name="LDAP Repository@atlassian" cache="true">

Last modified on Mar 30, 2016
