[keycloak-user] LDAP Query Failed - AD connection reset

Adrian Matei adrianmatei at gmail.com
Tue Mar 1 02:48:44 EST 2016


Thanks Edgar,

I had also found that resource (atlassian) - I am glad it is working by
you... I will try the same and see what happens....

Best regards
Adrian


On Mon, Feb 29, 2016 at 3:17 PM, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:

> Yes, we had the same issue. For us the solution was:
> http://lists.jboss.org/pipermail/keycloak-user/2016-February/004961.html
>
> cheers
>
> Edgar
>
>
> > On 29 Feb 2016, at 10:58, Adrian Matei <adrianmatei at gmail.com> wrote:
> >
> > Hi everyone,
> >
> > From time to time we are experiencing the following error :
> > "LDAP Query Failed" (connection resets) for example by user
> registration, but by the second try it usually works....
> >
> > Connection to AD takes place via ldaps and keycloak (1.7.0.Final)
> running on a JBoss EAP 6.4 with Java 8 installed.
> >
> > The complete stacktrace from server.log:
> > 08:47:05,029 ERROR
> [org.keycloak.services.resources.ModelExceptionMapper]
> (http-/159.232.186.74:8443-7) LDAP Query failed:
> org.keycloak.models.ModelException: LDAP Query failed
> >  at
> org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:153)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:160)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.LDAPFederationProvider.loadLDAPUserByUsername(LDAPFederationProvider.java:440)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.LDAPFederationProvider.loadAndValidateUser(LDAPFederationProvider.java:230)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.LDAPFederationProvider.validateAndProxy(LDAPFederationProvider.java:89)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:130)
> [keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
> [keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.models.sessions.infinispan.compat.UserSessionAdapter.getUser(UserSessionAdapter.java:62)
> [keycloak-model-sessions-infinispan-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:732)
> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:798)
> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:750)
> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
> >  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.8.0_66]
> >  at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> [rt.jar:1.8.0_66]
> >  at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.8.0_66]
> >  at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
> >  at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
> >  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
> >  at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
> [jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]
> >  at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
> >  at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]
> >  Caused by: org.keycloak.models.ModelException: Querying of LDAP failed
> org.keycloak.federation.ldap.idm.query.internal.LDAPQuery at 7434dc3b
> >  at
> org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:158)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:149)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  ... 42 more
> >  Caused by: javax.naming.CommunicationException: simple bind failed:
> ldaps.AD_hostname:636 [Root exception is java.net.SocketException:
> Connection reset]
> >  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [rt.jar:1.8.0_66]
> >  at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
> [rt.jar:1.8.0_66]
> >  at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> [rt.jar:1.8.0_66]
> >  at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> [rt.jar:1.8.0_66]
> >  at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> [rt.jar:1.8.0_66]
> >  at
> org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
> >  at org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
> >  at
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> [rt.jar:1.8.0_66]
> >  at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
> >  at
> org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
> >  at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> [rt.jar:1.8.0_66]
> >  at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> [rt.jar:1.8.0_66]
> >  at javax.naming.InitialContext.init(InitialContext.java:244)
> [rt.jar:1.8.0_66]
> >  at
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> [rt.jar:1.8.0_66]
> >  at
> org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:453)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:518)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:148)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  at
> org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:149)
> [keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
> >  ... 43 more
> >  Caused by: java.net.SocketException: Connection reset
> >  at java.net.SocketInputStream.read(SocketInputStream.java:209)
> [rt.jar:1.8.0_66]
> >  at java.net.SocketInputStream.read(SocketInputStream.java:141)
> [rt.jar:1.8.0_66]
> >  at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> [jsse.jar:1.8.0_66]
> >  at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> [jsse.jar:1.8.0_66]
> >  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
> [jsse.jar:1.8.0_66]
> >  at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
> [jsse.jar:1.8.0_66]
> >  at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
> [jsse.jar:1.8.0_66]
> >  at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
> [jsse.jar:1.8.0_66]
> >  at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
> [rt.jar:1.8.0_66]
> >  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
> [rt.jar:1.8.0_66]
> >  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
> [rt.jar:1.8.0_66]
> >  ... 62 more
> >
> > Anybody else experienced and fixed this?
> >
> > Thanks,
> > Adrian
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160301/97b9e9e0/attachment.html 


More information about the keycloak-user mailing list