The following error is generated in the Catalina.log:
Caused by: javax.naming.CommunicationException: DomainDnsZones.DC.DC.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
    ... 43 more
Caused by: java.net.SocketTimeoutException: connect timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:337)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:185)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
This issue typically occurs when using a load balancing setup (multiple LDAP servers) in a round-robin configuration for LDAP authentication. The LDAP server that Clearwell is currently configured to access does not have authorization rights to the information being queried. The LDAP server originally connected to will try to refer the query to another LDAP server with authoritative rights to the information. If this referral fails to reach the correct LDAP server, Clearwell generates the timeout errors shown above.
For LDAP:
If the Domain Controller is also the Global Catalog server, connect to the Global Catalog (GC) port 3268 (for example, ldap://test.domain.com:3268) instead of using the standard LDAP port 389 (for example, ldap://test.domain.com:389).
For LDAPS:
If the Domain Controller is also the Global Catalog server, connect to the Global Catalog (GC) port 3269 (for example, ldaps://test.domain.com:3269) instead of using the standard LDAPS port 636 (for example, ldaps://test.domain.com:636).
Note:
The Global Catalog will have a copy of all the Active Directory (AD) objects in the domain, which allows the correct authentication. If using a load balancer, this port will need to be opened on the load balancing appliance.
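To confirm that a timeout in Catalina.log comes from referral chasing rather than from the configured server itself, the following added example (not Clearwell's own code) extracts the unreachable referral targets from the log and rewrites a standard-port LDAP URL to the matching Global Catalog port. The function names are hypothetical, and the second log entry in the sample is constructed for contrast.

```python
import re
from urllib.parse import urlsplit

# Standard LDAP/LDAPS ports mapped to the Global Catalog ports named above.
GC_PORT = {("ldap", 389): 3268, ("ldaps", 636): 3269}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# JNDI prints the unreachable server as "<host>:<port>" after the exception class.
TIMEOUT_RE = re.compile(
    r"javax\.naming\.CommunicationException:\s+(?P<host>[\w.-]+):(?P<port>\d+)\s+"
    r"\[Root exception is java\.net\.SocketTimeoutException")

def referral_timeouts(log_text):
    """Return sorted (host, port) targets that timed out while following a referral."""
    matches = list(TIMEOUT_RE.finditer(log_text))
    hits = set()
    for i, m in enumerate(matches):
        # Inspect only the frames that belong to this exception.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(log_text)
        if "LdapReferralContext" in log_text[m.end():end]:
            hits.add((m.group("host"), int(m.group("port"))))
    return sorted(hits)

def to_global_catalog(url):
    """Rewrite ldap://host:389 or ldaps://host:636 to the Global Catalog port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORT.get(scheme)
    gc_port = GC_PORT.get((scheme, port))
    if gc_port is None:
        return url  # already on a GC port, or not an LDAP URL
    return f"{scheme}://{parts.hostname}:{gc_port}{parts.path}"

# First entry is from the trace above; the second is constructed (a direct
# connect timeout with no referral frames) and must not be reported.
SAMPLE_LOG = """\
Caused by: javax.naming.CommunicationException: DomainDnsZones.DC.DC.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
Caused by: javax.naming.CommunicationException: dc9.example.test:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
"""

if __name__ == "__main__":
    for host, port in referral_timeouts(SAMPLE_LOG):
        print(f"referral target unreachable: {host}:{port}")
    print(to_global_catalog("ldaps://test.domain.com:636"))
```

A host reported by `referral_timeouts` is one the appliance was redirected to and could not reach, which is the case the Global Catalog port change addresses; a timeout without referral frames points at the configured server or the load balancer instead.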