Metabase can't connect to our LDAP server

{
  "browser-info": {
    "language": "en",
    "platform": "Win32",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.11+9",
    "java.vendor": "AdoptOpenJDK",
    "java.vendor.url": "https://adoptopenjdk.net/",
    "java.version": "11.0.11",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.11+9",
    "os.name": "Linux",
    "os.version": "4.14.238-125.421.amzn1.x86_64",
    "user.language": "en",
    "user.timezone": "GMT"
  },
  "metabase-info": {
    "databases": [
      "snowflake"
    ],
    "hosting-env": "elastic-beanstalk",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "9.6.20"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.2.18"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2021-06-15",
      "tag": "v0.39.4",
      "branch": "release-x.39.x",
      "hash": "f538050"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

Issue:

:message
 "An error occurred while attempting to connect to server dedc01.tls.ad:389:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to establish a connection to server dedc01.tls.ad/10.91.82.13:389 within the configured timeout of 10000 milliseconds.', ldapSDKVersion=4.0.4, revision=27051))"}

But the same version we tested on EC2 is working well.
Not sure why the Metabase managed by AWS Beanstalk has this issue.
We have tried all of our LDAP servers, no hope.

Would you please advise?

Hi @robin
Since you're connecting to a non-public LDAP (10.91.82.13), then I would guess that your EB is not in the same network as the EC2 you tested with.
It's a networking issue, so make sure that you can communicate from the host running Metabase to your LDAP. Could also just be a firewall issue.

Hi @flamber,
Thanks for your swift reply. Would you please advise how we could troubleshoot this issue?
I can show you how we deployed Metabase by EB.

I can tell you a little bit about the background.

We have two versions of Metabase running at the moment.
1). The one managed by EB is the prod environment; it has a private IP and a public IP in terms of EC2 instances.
2). The other one is deployed by Java jar or container, which is the test environment. Both are in the same VPC, which has a private subnet. The test one is working with LDAP, but the prod one with EB is not working. Yeah, maybe you're right.

We have allowed all traffic in and out from the EC2 that Metabase runs on internally.

But the problem is how can we identify if the prod Metabase is using the public IP to connect to our internal LDAP. If it's using its public IP to connect to our LDAP, yeah, absolutely it will not work.
In fact our common services like LDAP, DNS etc. are allowed to be accessed by default for any instances in any AWS accounts.

As you're a Metabase expert, would you give me a hint?
Or what would you want me to show you to troubleshoot or fix this issue?

Thanks

Best Regards,
Robin

@robin It's not really a Metabase issue, but "just" a networking issue. Those can still be some of the most annoying things to troubleshoot, but it's close to impossible for me to troubleshoot your network.

You would have to connect into where Metabase is running and run commands like this to figure out if it is even possible to establish a connection (taking Metabase out of the mix):

nslookup dedc01.tls.ad
nc -v dedc01.tls.ad 389

I would always recommend EC2 over EB any day, since you have much more control. And when you're running more advanced setups (like your setup clearly sounds like), then the simplicity of EB falls short.
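
The two checks suggested above, extended into one script that also prints the source address the kernel picks for traffic to the LDAP server and separates a silent timeout from a refused connection. This is an added example, not part of the original thread; it assumes `getent`, `ip` and an `nc` that supports `-z` and `-w` are available where Metabase runs, and the variable and function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Run where Metabase itself runs: sh ldap-check.sh run
LDAP_HOST="${LDAP_HOST:-dedc01.tls.ad}"   # host from the error message
LDAP_PORT="${LDAP_PORT:-389}"
TIMEOUT="${TIMEOUT:-10}"                  # same 10 s as the LDAP SDK timeout

# Print the source address from `ip route get` output read on stdin.
route_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Map an nc exit status and elapsed seconds to open / timeout / refused.
classify() {
    if [ "$1" -eq 0 ]; then echo open
    elif [ "$2" -ge "$3" ]; then echo timeout
    else echo refused
    fi
}

# Say what each outcome usually points to.
hint() {
    case "$1" in
        open)    echo "TCP works from this host; check the LDAP settings in Metabase" ;;
        timeout) echo "packets dropped: check security groups, network ACLs, routes" ;;
        refused) echo "host answered but the port is closed or rejected" ;;
    esac
}

diagnose() {
    addr=$(getent hosts "$LDAP_HOST" | awk '{ print $1; exit }')
    if [ -z "$addr" ]; then
        echo "DNS: $LDAP_HOST does not resolve from this host"
        return 2
    fi
    echo "DNS: $LDAP_HOST -> $addr"
    # The address the kernel will put in outgoing packets to the LDAP server.
    echo "source address: $(ip -4 route get "$addr" | route_src)"
    start=$(date +%s)
    status=0
    nc -z -w "$TIMEOUT" "$addr" "$LDAP_PORT" || status=$?
    result=$(classify "$status" $(( $(date +%s) - start )) "$TIMEOUT")
    echo "TCP $addr:$LDAP_PORT: $result ($(hint "$result"))"
    [ "$result" = open ]
}

if [ "${1:-}" = run ]; then diagnose; fi
```

Running it on both the working test host and the EB instance and comparing the three output lines shows at which step (DNS, routing, or TCP) the two environments diverge.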