Click on the links to expand panels and see answers.


Due to a problem with Google libraries, pl.craftware.shaded.com.google.api.client.http.HttpTransport logger produces too much data. If this is a problem for you, you can disable it with:

 

log4j.logger.pl.craftware.shaded.com.google.api.client.http.HttpTransport=OFF

 

added to log4j.properties.


Increasing value of google.apps.batchRequestReadTimeout helps.


This error probably means that you're behind a proxy and need to configure it. Use -DsocksProxyHost (it has to be a SOCKS5 proxy, HTTP proxies won't work) or use a proxifier.


This error means that probably IMAPS port isn't open correctly on firewalls, so the plugin can't access it. 


The user may get this error if they enabled 2-step verification. Then instead of using their Google password, they should use per-application passwords.



com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden 
{ 
	"code" : 403, 
	"errors" : [ { "domain" : "usageLimits", "message" : "User Rate Limit Exceeded", "reason" : "userRateLimitExceeded" } ], 
	"message" : "User Rate Limit Exceeded" 
}

 

For security reasons, Google Directory API has usage limits equal by default 15 requests per second. Sometimes it's too little, to change it:
  • Go to Google Developers Console > Your project > APIs & auth > APIs > Admin SDK > Quotas;
  • Find Quota summary > Per user limit and click Change;
  • Enter the new value (eg 1000) and click Change.



com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden 
{ 
	"code" : 403, 
	"errors" : [ { "domain" : "usageLimits", "message" : "Daily Limit Exceeded", "reason" : "dailyLimitExceeded" } ], 
	"message" : "Daily Limit Exceeded" 
}

 

For security reasons, Google Directory API also has usage limits equal by 150000 requests per day. If it's too little for you can change directory.cache.synchronise.interval or ask Google for more in Google Developers Console Your project > APIs & auth > APIs > Admin SDK > QuotasApply for higher quota.


This probably means that you missed some step during Google Apps domain configuration. Sometimes 403 Forbidden mean that your user (given in attributes field google.apps.admin.email hasn't enough permission in Google service to get information about groups, users etc).



com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "invalid_grant"
}

 

This error may mean many problems, but most likely the system date/time on the computer Crowd server is running on is set incorrectly (Google uses it to improve security of access tokens):

  • fix the date/time;
  • restart Crowd (many parts of it and the plugin may depend current date/time).
To prevent such problems in the future, use NTP time synchronization. It's very likely that time synchronization is already enabled on that computer, but some proxy or firewall blocks access to NTP.


Try checking the logs first. If that doesn't help, please contact us at http://www.craftware.biz/en > Contact. Don't forget to add the important snippets of the logs to your message.