Re: LDAP: error code 12 - Unavailable Critical Extension

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On 19 Dec 2020, at 03:53, Oleg Cohen <oleg.cohen@xxxxxxxxxxxxxxxx> wrote:
> 
> Greetings,
> 
> I run a Java application. From time to time I start seeing the following error in the logs:
> 
> LDAP: error code 12 - Unavailable Critical Extension
> 
> I have a three node 389-DS cluster and don't see any errors in the respective 389 DS logs.

If you look at logconv.pl it may help you find the error in the log, because we should log when a critical extension isn't present.

> 
> The restart of the Java application seems to resolve the issue.
> 
> Wondering if anybody has seen this error before and how to debug/remediate.

There are lots of things that can cause it, but some options are:

* Check how your application connects. StartTLS is an extension which would be critical, but StartTLS is also not reliable IMO, so you should consider LDAPS instead. 
* You could wireshark and check what is going on
* If you use a load balancer, check if it's protocol aware and altering the traffic
* Check your logs for traffic from the IP of the java application, not the conn+op numbers, then look for those in the logs to trace "what kind of operations" are being performed.
* Look for correlations in the java application log about what it is attempting at the time of the error.




> 
> Thanks!
> Oleg
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux