Unable to search for add AD users after upgrade to version 6.6

Document ID : KB000105650
Last Modified Date : 06/07/2018
Show Technical Document Details
Issue:

Unable to add search or add AD users after upgrade to version 6.6. 

After adding a Directory Server via Administration -> User Management -> Directory Servers
I try to search for my ldap users by going to Administration -> User Management -> Users and click on the Import Users button. I make sure the Directory Server drop down list is the Directory Server I want to use and click on the Filter button. It looks like it searches for a while and then returns:
Failed to search Directory server. Cause:
Original message: <domain specified in directory server page>:389

Note: 
The error returned while searching for users seems to use a hard coded value for the port (389). It is our finding based on log and network trace that it did properly use the port defined for that directory server to search for users. For example, this article was written while using a domain controllers global catalog on port 3268. Based on the network trace we found that there were 0 packets attempting to use 389. 

Environment:
CA Release Automation 6.6.0.9640
LDAP Server (messages shared below were while testing/using Active Directory)
Cause:
The problem might happen for more than one reason. This document assumes that the error is related to an invalid base DN (see Additional Information section below). The way CA Release Automation gets its base DN is it uses the "Domain Name" field from the Directory Server entry that you are using to search for users. '

For example:
If you use a Domain Name of "example.com" then the base DN we will use for searching users will be: DC=example,DC=com

If you made a typo and set the Domain Name field of the Directory Server to example.con then this would produce the error. 

Or, maybe your base dn actually looks like this: DC=example,DC=site1,DC=com
In which case change the domain name field to be: example.site1.com
 
Resolution:
  1. Login to the ROC (Release Operations Center) as a user with superuser privileges.
  2. Go to Administration -> User Management - Directory Servers.
  3. Modify the Directory Server entry you have and enter a domain name that will be valid for searching ldap. Ask your ldap admin if you are unsure. See the Cause section above if an explanation is necessary and the ldap admin needs more information.  
Additional Information:
There is no logging that will show the ldap servers response. But if you are able to capture network packets sent between the two systems then you would see the following response when this problem is being experienced: 0000202B: RefErr: DSID-031007EF

If you google that ldap response then you'll find that this response happens when the base search dn is invalid. 

The nolio_dm_all.log will have these messages on the CA Release Automation management server when you experience this behavior:
2018-07-06 10:11:52,694 [http-nio-8080-exec-2] ERROR (com.nolio.releasecenter.controllers.v5.administration.DirectoryServerRESTController:140) - Controller method error occurred.
com.nolio.releasecenter.api.PublicApiException: Failed to search Directory server. Cause:
        at com.nolio.platform.server.dataservices.services.directoryServer.DirectoryServerUtils.getAllPotentialUsers(DirectoryServerUtils.java:110)
        at com.nolio.platform.server.dataservices.services.directoryServer.DirectoryServerServiceImpl.getDirectoryServerUsers(DirectoryServerServiceImpl.java:140)