Problems with referrals during Active Directory import
Problem
When importing from an Active Directory that uses referrals it's possible the import can fail with the error "Root exception is java.net.ConnectException: Connection timed out: connect]". These are typically due to DNS issues in the network.
Solution
The provided steps require the iGrafx Platform version 16.3.2 or later.
There are three possible solutions as a workaround:
- Modify your filter to exclude the groups that need referral
- Disable the ability to follow referrals. You can do this by passing in the start-up parameter igrafx.usercentral.ldap.referrals="ignore"
- Access the global catalog:
If you were using the port 389 change it to 3268
If you were using the port 636 change it to 3269
The possible ramifications are
- If you only have one domain, there shouldn't be any adverse effects
- If you have multiple domains, cross-domain memberships will not be resolved