3.2.0 wont start if an LDAP is misconfigured

Wednesday, 23 August 2017

I am trying to start KC but the LDAP account password changed so it won't
start:

14:16:17,839 ERROR
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager]
(pool-6-thread-1) Could not query server using DN [not important] and
filter [not important]: javax.naming.AuthenticationException: [LDAP: error
code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext
error, data 52e, v1db1]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
    at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
    at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
    at
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
    at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at
org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:547)
    at
org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:636)
    at
org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:629)
    at
org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:226)
    at
org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:198)
    at
org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:164)
    at
org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:175)
    at
org.keycloak.storage.ldap.LDAPStorageProvider.loadLDAPUserByUsername(LDAPStorageProvider.java:725)
    at
org.keycloak.storage.ldap.LDAPStorageProvider.loadAndValidateUser(LDAPStorageProvider.java:429)
    at
org.keycloak.storage.ldap.LDAPStorageProvider.validate(LDAPStorageProvider.java:153)
    at
org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:245)
    at
org.keycloak.storage.UserStorageManager.getUserById(UserStorageManager.java:301)
    at
org.keycloak.models.jpa.session.JpaUserSessionPersisterProvider.loadUserSessions(JpaUserSessionPersisterProvider.java:208)
    at
org.keycloak.models.sessions.infinispan.initializer.OfflineUserSessionLoader.loadSessions(OfflineUserSessionLoader.java:61)
    at
org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker$1.run(SessionInitializerWorker.java:74)
    at
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
    at
org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:70)
    at
org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:34)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

I tried making the host resolve to 127.0.0.1 so it would fail to connect
but it still refused to start. So it seems if LDAP goes down or is
misconfigured then KC won't start even if I could log in locally or through
an identity provider?

I tried:
1) disabling user and Realm cache
2) looking on the internet for some way to disable LDAP or a Realm
temporarily
3) still looking in the code to see if there is a startup parameter I could
pass it to take another path

Any help to get my KC back up so I can update the password would be
appreciated.

Thanks,
- Nathan

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014