Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
mg_gsi_da
Creator
Creator

LDAP via SSL (LDAPS) not working reliable

We implemented a SSL connection to the Windows AD.  Qlik Sense Feb 21 Patch2

After doing some work with ceritficates it is now working essentially.

Connection String:  LDAPS://hostname:636 is working properly.

 

In the script we load several attributes of usergroups from the Windows AD. This done via a loop and concatenate load of each group and users to a table. Curently 86 groups with a total of 300 users.

LIB CONNECT TO 'AD-Connector'

...

Load
*
,'ACTIVE' as UserFlag
,cn as name
,sAMAccountName as "userid"
,'group' as "type"
,'$(vGroupName)' as "value";
SQL SELECT distinguishedName,cn,displayName,sAMAccountName,objectCategory,objectClass,mail,department FROM 'LDAP://hostname:636'
WHERE memberOf='cn=$(vGroupName),ou=xxx_yy,ou=vvv_ww,dc=campus,dc=xxx,dc=de' and 'userAccountControl:1.2.840.113556.1.4.803:'<>2;

 

The script is starting to load the data from the AD. After some groups (different each time) it gets an error and stops the load. If you do a fast retry it usually works at the second or third time.

 

Logfile extract:

tmpAllUsers << bf4bdd0e-0d67-41f3-869a-d42bbbe6316d

Abgerufene Zeilen: 4

tmpAllUsers << LDAP://hostname:636

Abgerufene Zeilen: 6

tmpAllUsers << LDAP://hostname:636

Abgerufene Zeilen: 6

...

tmpAllUsers << LDAP://hostname:636

Abgerufene Zeilen: 259

---

Der folgende Fehler ist aufgetreten:

Connector reply error: ErrorSource: Active Directory, ErrorMsg: The server is not operational.

Der Fehler ist hier aufgetreten:

SQL SELECT distinguishedName,cn,displayName,sAMAccountName,objectCategory,objectClass,mail,department FROM 'LDAP://hostname:636'

WHERE memberOf='cn=sec_BI_xxx,ou=xxx_BI,ou=xxx,dc=campus,dc=xxx,dc=de' and 'userAccountControl:1.2.840.113556.1.4.803:'<>2

 

If I limit the number of groups to load to 10 it works on the the first try.

We checked the logs on the Windows AD server but there are no entries. Also I did a permanent ping during the load but the connection seems stable.

 

Any idea?

Regards Michael

Labels (2)
0 Replies