[keycloak-user] LDAP Query Failed - AD connection reset
Adrian Matei
adrianmatei at gmail.com
Mon Feb 29 04:58:26 EST 2016
Hi everyone,
>From time to time we are experiencing the following error :
"LDAP Query Failed" (connection resets) for example by user registration,
but by the second try it usually works....
Connection to AD takes place via ldaps and keycloak (1.7.0.Final) running
on a JBoss EAP 6.4 with Java 8 installed.
The complete stacktrace from server.log:
08:47:05,029 ERROR [org.keycloak.services.resources.ModelExceptionMapper]
(http-/159.232.186.74:8443-7) LDAP Query failed:
org.keycloak.models.ModelException: LDAP Query failed
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:153)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:160)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.loadLDAPUserByUsername(LDAPFederationProvider.java:440)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.loadAndValidateUser(LDAPFederationProvider.java:230)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.validateAndProxy(LDAPFederationProvider.java:89)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:130)
[keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
[keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.sessions.infinispan.compat.UserSessionAdapter.getUser(UserSessionAdapter.java:62)
[keycloak-model-sessions-infinispan-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:732)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:798)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:750)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[rt.jar:1.8.0_66]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[rt.jar:1.8.0_66]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.8.0_66]
at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
[jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]
Caused by: org.keycloak.models.ModelException: Querying of LDAP failed
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery at 7434dc3b
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:158)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:149)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
... 42 more
Caused by: javax.naming.CommunicationException: simple bind failed:
ldaps.AD_hostname:636 [Root exception is java.net.SocketException:
Connection reset]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) [rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
[rt.jar:1.8.0_66]
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
[rt.jar:1.8.0_66]
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
[rt.jar:1.8.0_66]
at
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
at org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
[rt.jar:1.8.0_66]
at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
at
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
[rt.jar:1.8.0_66]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
[rt.jar:1.8.0_66]
at javax.naming.InitialContext.init(InitialContext.java:244)
[rt.jar:1.8.0_66]
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
[rt.jar:1.8.0_66]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:453)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:518)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:148)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:149)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
... 43 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
[rt.jar:1.8.0_66]
at java.net.SocketInputStream.read(SocketInputStream.java:141)
[rt.jar:1.8.0_66]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
[jsse.jar:1.8.0_66]
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
[jsse.jar:1.8.0_66]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
[jsse.jar:1.8.0_66]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[jsse.jar:1.8.0_66]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
[jsse.jar:1.8.0_66]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
[jsse.jar:1.8.0_66]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
[rt.jar:1.8.0_66]
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
[rt.jar:1.8.0_66]
... 62 more
Anybody else experienced and fixed this?
Thanks,
Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160229/7f39d3a2/attachment.html
More information about the keycloak-user
mailing list