Greetings,
I run a Java application. From time to time I start seeing the following error in the logs:
LDAP: error code 12 - Unavailable Critical Extension
I have a three node 389-DS cluster and don't see any errors in the respective 389 DS logs.
The restart of the Java application seems to resolve the issue.
Wondering if anybody has seen this error before and how to debug/remediate.
Thanks! Oleg
Hello Oleg, 'Unavailable Critical Extension' can come from a lot of places (mostly plugins but not only). So yes, you need to find that in logs.
First of all, you can check the access log and check if some operations have requested something unusual (some server-side control or something). Or, also, If the OID is not supported, it will return 'Unavailable Critical Extension'.
If you won't find anything useful there, then you can try to look for the info in errors log.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
I think it makes sense to add 8192 — Replication debugging - first. And wait for the error. Then, if your error still happens silently in the logs, you can check - 128 — Access control list processing too.
Be aware, that the logs may cause performance issue so I won't recommend running that on production.
Sincerely, Simon
On Fri, Dec 18, 2020 at 6:56 PM Oleg Cohen oleg.cohen@assurebridge.com wrote:
Greetings,
I run a Java application. From time to time I start seeing the following error in the logs:
LDAP: error code 12 - Unavailable Critical Extension
I have a three node 389-DS cluster and don't see any errors in the respective 389 DS logs.
The restart of the Java application seems to resolve the issue.
Wondering if anybody has seen this error before and how to debug/remediate.
Thanks! Oleg _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
On 19 Dec 2020, at 03:53, Oleg Cohen oleg.cohen@assurebridge.com wrote:
Greetings,
I run a Java application. From time to time I start seeing the following error in the logs:
LDAP: error code 12 - Unavailable Critical Extension
I have a three node 389-DS cluster and don't see any errors in the respective 389 DS logs.
If you look at logconv.pl it may help you find the error in the log, because we should log when a critical extension isn't present.
The restart of the Java application seems to resolve the issue.
Wondering if anybody has seen this error before and how to debug/remediate.
There are lots of things that can cause it, but some options are:
* Check how your application connects. StartTLS is an extension which would be critical, but StartTLS is also not reliable IMO, so you should consider LDAPS instead. * You could wireshark and check what is going on * If you use a load balancer, check if it's protocol aware and altering the traffic * Check your logs for traffic from the IP of the java application, not the conn+op numbers, then look for those in the logs to trace "what kind of operations" are being performed. * Look for correlations in the java application log about what it is attempting at the time of the error.
Thanks! Oleg _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
389-users@lists.fedoraproject.org