We implemented a SSL connection to the Windows AD. Qlik Sense Feb 21 Patch2
After doing some work with ceritficates it is now working essentially.
Connection String: LDAPS://hostname:636 is working properly.
In the script we load several attributes of usergroups from the Windows AD. This done via a loop and concatenate load of each group and users to a table. Curently 86 groups with a total of 300 users.
LIB CONNECT TO 'AD-Connector'
...
Load
*
,'ACTIVE' as UserFlag
,cn as name
,sAMAccountName as "userid"
,'group' as "type"
,'$(vGroupName)' as "value";
SQL SELECT distinguishedName,cn,displayName,sAMAccountName,objectCategory,objectClass,mail,department FROM 'LDAP://hostname:636'
WHERE memberOf='cn=$(vGroupName),ou=xxx_yy,ou=vvv_ww,dc=campus,dc=xxx,dc=de' and 'userAccountControl:1.2.840.113556.1.4.803:'<>2;
The script is starting to load the data from the AD. After some groups (different each time) it gets an error and stops the load. If you do a fast retry it usually works at the second or third time.
Logfile extract:
tmpAllUsers << bf4bdd0e-0d67-41f3-869a-d42bbbe6316d
Abgerufene Zeilen: 4
tmpAllUsers << LDAP://hostname:636
Abgerufene Zeilen: 6
tmpAllUsers << LDAP://hostname:636
Abgerufene Zeilen: 6
...
tmpAllUsers << LDAP://hostname:636
Abgerufene Zeilen: 259
---
Der folgende Fehler ist aufgetreten:
Connector reply error: ErrorSource: Active Directory, ErrorMsg: The server is not operational.
Der Fehler ist hier aufgetreten:
SQL SELECT distinguishedName,cn,displayName,sAMAccountName,objectCategory,objectClass,mail,department FROM 'LDAP://hostname:636'
WHERE memberOf='cn=sec_BI_xxx,ou=xxx_BI,ou=xxx,dc=campus,dc=xxx,dc=de' and 'userAccountControl:1.2.840.113556.1.4.803:'<>2
If I limit the number of groups to load to 10 it works on the the first try.
We checked the logs on the Windows AD server but there are no entries. Also I did a permanent ping during the load but the connection seems stable.
Any idea?
Regards Michael