LDAP Queries Fail with 'Address already in use' Error
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Symptoms
Confluence is hooked up to an LDAP server. Users are intermittently served with 'Not Permitted' error page on pages they are allowed to view. The following error appears in the log:
2010-08-10 13:04:18,277 ERROR [http-80-8] [user.impl.ldap.LDAPUserManagerReadOnly] getUser Error retrieving user: 'Husein.Alatas' from LDAP.
-- url: /display/Test | userName: Husein.Alatas | referer: http://confluence/display/dashboard/Home | action: notpermitted
com.atlassian.user.impl.ldap.repository.LdapConnectionFailedException: javax.naming.CommunicationException: ldap.atlassian.com:389 [Root exception is java.net.BindException: Address already in use: connect]
at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:93)
at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:70)
at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:54)
at com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.getUser(LDAPUserManagerReadOnly.java:70)
at com.atlassian.user.impl.delegation.DelegatingUserManager.getUser(DelegatingUserManager.java:68)
at bucket.user.DefaultUserAccessor.getUser(DefaultUserAccessor.java:146)
...
Caused by: javax.naming.CommunicationException: ldap.atlassian.com:389 [Root exception is java.net.BindException: Address already in use: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Connections.java:185)
...
Caused by: java.net.BindException: Address already in use: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
...
Diagnosis
Running the following command:
netstat -na
may reveal a lot of open connections to the LDAP server:
...
TCP 10.44.22.27:1660 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1661 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1662 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1663 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1664 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1665 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1666 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1667 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1668 10.44.22.26:389 TIME_WAIT
TCP 10.44.22.27:1669 10.44.22.26:389 TIME_WAIT
...
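To quantify the pattern shown above instead of reading the output by eye, the following added example (not part of the original article or of any Atlassian tooling) counts TCP states per remote LDAP endpoint in `netstat -na` output. The function names, the sample lines and the default threshold of 100 are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample: Windows-style lines as in the article, plus one Linux-style line.
SAMPLE = """\
  TCP    10.44.22.27:1660    10.44.22.26:389    TIME_WAIT
  TCP    10.44.22.27:1661    10.44.22.26:389    TIME_WAIT
  TCP    10.44.22.27:1662    10.44.22.26:389    ESTABLISHED
  TCP    10.44.22.27:8090    10.44.22.40:51512  ESTABLISHED
  TCP    0.0.0.0:8090        0.0.0.0:0          LISTENING
tcp        0      0 10.44.22.27:41000       10.44.22.26:389         TIME_WAIT
"""

# proto, optional Recv-Q/Send-Q columns (Linux), local endpoint, remote endpoint, state
LINE = re.compile(
    r"^\s*tcp\d?\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s*$",
    re.IGNORECASE,
)

def ldap_connection_states(netstat_text, ldap_port=389):
    """Return {remote_host: Counter(state -> count)} for connections to ldap_port."""
    counts = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, "..." and anything else unparsable
        _local, remote, state = m.groups()
        host, _, port = remote.rpartition(":")
        if port != str(ldap_port):
            continue
        counts.setdefault(host, Counter())[state.upper()] += 1
    return counts

def time_wait_suspects(netstat_text, ldap_port=389, threshold=100):
    """Hosts whose TIME_WAIT count reaches threshold (assumed value, tune per site)."""
    states = ldap_connection_states(netstat_text, ldap_port)
    return {h: c["TIME_WAIT"] for h, c in states.items() if c["TIME_WAIT"] >= threshold}

if __name__ == "__main__":
    # Pipe real output in (netstat -na | python thisfile.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for host, states in ldap_connection_states(text).items():
        print(host, dict(states))
    print("suspects:", time_wait_suspects(text))
```

A TIME_WAIT count that stays high or keeps growing across repeated runs points to connections being opened and closed per lookup rather than reused.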
Cause
Another application is already using the same port number (e.g. 389). For instance, a TCP/IP Offload Engine is set up in the environment.
Confluence is not caching LDAP entities, which causes it to open a lot of connections to the LDAP server every time the information is required. This can occur if caching is disabled in the LDAP configuration.
Solution
Resolution
Disable any application that is using the same port number (e.g. 389).
Ensure that LDAP caching is enabled. In atlassian-user.xml, the cache attribute should be set to true:
<ldap key="ldapRepository" name="LDAP Repository@atlassian" cache="true">