Re: [keycloak-user] LDAP Query Failed - AD connection reset

Tuesday, 1 March 2016

Thanks Edgar,

I had also found that resource (atlassian) - I am glad it is working by
you... I will try the same and see what happens....

Best regards
Adrian

On Mon, Feb 29, 2016 at 3:17 PM, Edgar Vonk - Info.nl <Edgar(a)info.nl&gt; wrote:

...
 Yes, we had the same issue. For us the solution was:
 http://lists.jboss.org/pipermail/keycloak-user/2016-February/004961.html

 cheers

 Edgar

 > On 29 Feb 2016, at 10:58, Adrian Matei <adrianmatei(a)gmail.com&gt; wrote:
 >
 > Hi everyone,
 >
 > From time to time we are experiencing the following error :
 > "LDAP Query Failed" (connection resets) for example by user
 registration, but by the second try it usually works....
 >
 > Connection to AD takes place via ldaps and keycloak (1.7.0.Final)
 running on a JBoss EAP 6.4 with Java 8 installed.
 >
 > The complete stacktrace from server.log:
 > 08:47:05,029 ERROR
 [org.keycloak.services.resources.ModelExceptionMapper]
 (http-/159.232.186.74:8443-7) LDAP Query failed:
 org.keycloak.models.ModelException: LDAP Query failed
 >  at

org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:153)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:160)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.LDAPFederationProvider.loadLDAPUserByUsername(LDAPFederationProvider.java:440)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.LDAPFederationProvider.loadAndValidateUser(LDAPFederationProvider.java:230)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.LDAPFederationProvider.validateAndProxy(LDAPFederationProvider.java:89)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:130)
 [keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
 >  at
 org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
 [keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.models.sessions.infinispan.compat.UserSessionAdapter.getUser(UserSessionAdapter.java:62)
 [keycloak-model-sessions-infinispan-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:732)
 [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:798)
 [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:750)
 [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
 >  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 [rt.jar:1.8.0_66]
 >  at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 [rt.jar:1.8.0_66]
 >  at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 [rt.jar:1.8.0_66]
 >  at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
 >  at
 org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at

org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at
 org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at

org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
 [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
 >  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
 [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
 >  at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at

org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
 [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at

org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
 [jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]
 >  at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at

org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at
 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
 [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
 >  at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]
 >  Caused by: org.keycloak.models.ModelException: Querying of LDAP failed
 org.keycloak.federation.ldap.idm.query.internal.LDAPQuery@7434dc3b
 >  at

org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:158)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:149)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  ... 42 more
 >  Caused by: javax.naming.CommunicationException: simple bind failed:
 ldaps.AD_hostname:636 [Root exception is java.net.SocketException:
 Connection reset]
 >  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [rt.jar:1.8.0_66]
 >  at
 com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
 [rt.jar:1.8.0_66]
 >  at
 com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
 [rt.jar:1.8.0_66]
 >  at
 com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
 [rt.jar:1.8.0_66]
 >  at
 com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
 [rt.jar:1.8.0_66]
 >  at
 org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
 >  at org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
 >  at
 javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
 [rt.jar:1.8.0_66]
 >  at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
 >  at

org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
 >  at
 javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 [rt.jar:1.8.0_66]
 >  at
 javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
 [rt.jar:1.8.0_66]
 >  at javax.naming.InitialContext.init(InitialContext.java:244)
 [rt.jar:1.8.0_66]
 >  at
 javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
 [rt.jar:1.8.0_66]
 >  at

org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:453)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:518)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:148)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  at

org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:149)
 [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
 >  ... 43 more
 >  Caused by: java.net.SocketException: Connection reset
 >  at java.net.SocketInputStream.read(SocketInputStream.java:209)
 [rt.jar:1.8.0_66]
 >  at java.net.SocketInputStream.read(SocketInputStream.java:141)
 [rt.jar:1.8.0_66]
 >  at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
 [jsse.jar:1.8.0_66]
 >  at sun.security.ssl.InputRecord.read(InputRecord.java:503)
 [jsse.jar:1.8.0_66]
 >  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
 [jsse.jar:1.8.0_66]
 >  at
 sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
 [jsse.jar:1.8.0_66]
 >  at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
 [jsse.jar:1.8.0_66]
 >  at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
 [jsse.jar:1.8.0_66]
 >  at
 java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
 [rt.jar:1.8.0_66]
 >  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
 [rt.jar:1.8.0_66]
 >  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
 [rt.jar:1.8.0_66]
 >  ... 62 more
 >
 > Anybody else experienced and fixed this?
 >
 > Thanks,
 > Adrian
 > _______________________________________________
 > keycloak-user mailing list
 > keycloak-user(a)lists.jboss.org
 > https://lists.jboss.org/mailman/listinfo/keycloak-user

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] LDAP Query Failed - AD connection reset