Affects Version/s: 2.5.0
Fix Version/s: 2.7.0
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-tdc1-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
AD Domain Controllers
2012 R2 OS
Ambari server configured to use "secure" ldap authentication.
We call the ldap_sync_events REST endpoint frequently to synchronize existing groups and a specific list groups. We had no issues with this until mid-October at which point we began to see:
- We saw random success and failure when attempting to sync a single group.
- With useSSL=false and an updated port ldap sync was consistently successful.
- By default, ldap connection only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets.
- Around mid-October we increased the number of groups defined on the system (50+), this pushed us outside the "safe zone".
Enable the SSL connections pooling by adding the below argument to startup options.