[keycloak-user] 3.2.0 won't start if an LDAP is misconfigured

Nathan Hoult nhoult51 at gmail.com
Wed Aug 23 17:08:25 EDT 2017


I am trying to start KC but the LDAP account password changed so it won't
start:

14:16:17,839 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (pool-6-thread-1) Could not query server using DN [not important] and filter [not important]: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
    at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
    at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:547)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:636)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:629)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:226)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:198)
    at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:164)
    at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:175)
    at org.keycloak.storage.ldap.LDAPStorageProvider.loadLDAPUserByUsername(LDAPStorageProvider.java:725)
    at org.keycloak.storage.ldap.LDAPStorageProvider.loadAndValidateUser(LDAPStorageProvider.java:429)
    at org.keycloak.storage.ldap.LDAPStorageProvider.validate(LDAPStorageProvider.java:153)
    at org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:245)
    at org.keycloak.storage.UserStorageManager.getUserById(UserStorageManager.java:301)
    at org.keycloak.models.jpa.session.JpaUserSessionPersisterProvider.loadUserSessions(JpaUserSessionPersisterProvider.java:208)
    at org.keycloak.models.sessions.infinispan.initializer.OfflineUserSessionLoader.loadSessions(OfflineUserSessionLoader.java:61)
    at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker$1.run(SessionInitializerWorker.java:74)
    at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
    at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:70)
    at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:34)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)


I tried making the host resolve to 127.0.0.1 so it would fail to connect
but it still refused to start. So it seems if LDAP goes down or is
misconfigured then KC won't start even if I could log in locally or through
an identity provider?

I tried:
1) disabling user and Realm cache
2) looking on the internet for some way to disable LDAP or a Realm
temporarily
3) still looking in the code to see if there is a startup parameter I could
pass it to take another path

Any help to get my KC back up so I can update the password would be
appreciated.

Thanks,
- Nathan
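The trace in the post above already pins down both the cause and the trigger. The cause is in the JNDI message: LDAP result code 49 (invalidCredentials) with the Active Directory sub-code `data 52e`, which means the bind DN exists but the password sent with it is wrong, consistent with the changed service-account password. The trigger is visible in the frames: the offline-session initializer (`OfflineUserSessionLoader.loadSessions`) calls `UserStorageManager.importValidation`, which calls `LDAPStorageProvider.validate`, so the LDAP bind happens while sessions are being loaded at startup rather than at a user's login. As an added example (not part of the original post and not Keycloak code), here is a small Python triage script that collapses the wrapped log message, extracts the LDAP result code and the AD sub-code, and maps them to their documented meanings, so an operator can tell a stale bind password (52e) apart from a locked (775) or disabled (533) service account before touching the directory. The first sample is the error line from the post; the second is constructed. The tables hold the standard RFC 4511 result codes and the well-known AD `AcceptSecurityContext` sub-codes; the function and class names are the example's own.

```python
"""Triage a Keycloak/JNDI LDAP bind failure from the server log (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# LDAP result codes (RFC 4511) most often seen on a failed bind or search.
LDAP_RESULT_CODES = {
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Active Directory sub-codes reported as "data NNN" after
# "AcceptSecurityContext error" when the result code is 49.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind DN exists, password is wrong)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Sub-codes whose remedy is a password change in the directory and/or in the
# LDAP provider's stored bind credential, rather than an account unlock.
PASSWORD_RELATED = {"52e", "532", "773"}

ERROR_RE = re.compile(r"\[LDAP: error code (?P<code>\d+) - (?P<detail>[^\]]*)\]")
DATA_RE = re.compile(r"\bdata (?P<data>[0-9a-f]{3})\b", re.IGNORECASE)


@dataclass(frozen=True)
class BindDiagnosis:
    result_code: int
    result_name: str
    ad_data: Optional[str]
    meaning: str
    password_related: bool


def diagnose_ldap_bind_error(log_text: str) -> Optional[BindDiagnosis]:
    """Return a diagnosis for the first JNDI LDAP error found in log_text.

    Console and mail-archive wrapping splits the message across lines, so all
    whitespace is collapsed before matching. Returns None when the text holds
    no "[LDAP: error code N - ...]" message at all.
    """
    flat = " ".join(log_text.split())
    m = ERROR_RE.search(flat)
    if m is None:
        return None
    code = int(m.group("code"))
    detail = m.group("detail")
    dm = DATA_RE.search(detail)
    ad_data = dm.group("data").lower() if dm else None
    if ad_data is not None and "AcceptSecurityContext" in detail:
        meaning = AD_BIND_DATA_CODES.get(ad_data, f"unknown AD sub-code {ad_data}")
    else:
        meaning = LDAP_RESULT_CODES.get(code, f"LDAP result code {code}")
    return BindDiagnosis(
        result_code=code,
        result_name=LDAP_RESULT_CODES.get(code, "unknown"),
        ad_data=ad_data,
        meaning=meaning,
        password_related=ad_data in PASSWORD_RELATED,
    )


# The error line as it appears in the post above (DN and filter redacted by
# its author), wrapped exactly as the mail archive shows it.
SAMPLE_FROM_POST = """14:16:17,839 ERROR
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager]
(pool-6-thread-1) Could not query server using DN [not important] and
filter [not important]: javax.naming.AuthenticationException: [LDAP: error
code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext
error, data 52e, v1db1]"""

# Constructed variant (not from the post): same failure shape, but the
# service account is locked out instead of holding a stale password.
SAMPLE_LOCKOUT = (
    "ERROR [LDAPOperationManager] (pool-6-thread-1) Could not query server: "
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 775, v1db1]"
)


if __name__ == "__main__":
    for name, sample in (("post", SAMPLE_FROM_POST), ("constructed", SAMPLE_LOCKOUT)):
        d = diagnose_ldap_bind_error(sample)
        action = "update the bind password" if d.password_related else "check account state in the directory"
        print(f"{name}: code {d.result_code} ({d.result_name}), data {d.ad_data}: {d.meaning}; {action}")
```

Run against the post's own error line it reports `invalidCredentials` with sub-code `52e`, i.e. a password problem on the bind account, which is exactly the fix the author is trying to apply; a `775` would instead point at a lockout that no password edit in Keycloak can clear.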

