ALI 6.5 Directory Services
In my (seemingly) never-ending quest to get Collaboration Notification working with 6.5, I ran into yet another error resulting in a ridiculous amount of diagnostic work. The good news is that the error I was running into was a simple self-inflicted problem. The bad news is there is an amazing lack of documentation about how the new Notification system works with Directory Services (the “BEA ALI LDAP Directory” service in Windows).
Here’s the general premise to ALI Directory Services: ALI 6.5 ships with this new Directory Services component that provides an LDAP service for Portal User accounts. The idea is that historically, the portal has been great at synching users from external repositories (from AD, LDAP, or custom sources) into its own database. Once those users get synched and aggregated into the portal, though, they’re not exposed to any other services. Directory Services aim to resolve that problem: 6.5 provides an LDAP server that uses the industry-standard LDAP protocol to expose users that have been synched to the portal. So any other system can use LDAP to get user information.
Fantastic feature, right? But with the dearth of documentation out there, what may not be immediately obvious is that this Directory Service is also used by internal components such as the Notification Server.
I’ve only begun to scratch the surface with how all these components work together, but if you’re interested in reading about how they DON’T work together (saving yourself hours of diagnostic time), hit the jump.
This was the problem: The notification service was throwing the following exception:
Unable to retrieve user with UUID '{75AC0C94-1191-50A1-7217-1348987BA000}'
com.plumtree.security.InternalServerException
at com.plumtree.security.client.impl.util.ExceptionHelper.translate(ExceptionHelper.java:38)
at com.plumtree.security.client.impl.entity.UserManagerImpl.findUserByUuid(UserManagerImpl.java:79)
at com.plumtree.security.entity.UserManagerWrapper.findUserByUuid(UserManagerWrapper.java:48)
At first I thought the problem was with the “BEA ALI Security and Directory Service” component, but then started to focus on the “BEA ALI LDAP Directory” service (Don’t get me started on the worthlessness of the exception itself.)
Anyway, the moral of this story is that the port set in the Configuration Manager for the “AquaLogic Notification Service” (under “User and Group Directory”) didn’t match the port for the “ALUI Directory” (under “LDAP Listener Settings”).
Because we already had an LDAP server running on that machine, I had to change the port for the LDAP service to 2389. But I also needed to change the port that Notification Server used to connect to it – which is fine, but isn’t that the point of the Configuration Manager – change a setting once and it’s reflected everywhere?
