JENKINS-13265

LDAP connection failed - Jenkins losing FQDN of LDAP server

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: ldap-plugin
    • Environment:
      Jenkins in all 1.4xx versions, Linux X86, SLES 10, Apache Tomcat 7.0.14

      Description

      Jenkins is configured to use LDAP login which works perfectly. After some time - sometimes directly after restarting Tomcat - the login fails. When checking catalina.out the attached exception is thrown. The reason for the failed login is clear - Jenkins is configured to connect to ldap.my.domain - but when this happens Jenkins forgets "ldap" and tries to connect to my.domain only - for sure this does not work as this is not a valid host name.

      To fix this, we need to restart Tomcat until it fails again.

      1. exception.txt
        8 kB
        Joern Muehlencord

        Activity

        kohsuke Kohsuke Kawaguchi added a comment -

        Wrong component as this is not about the AD plugin.

        mejedi 1 2 added a comment -

        I was having the same issue and found a workaround.
        In my case the problem was due to a rather weird network configuration.
        LDAP server was dc.mycompany.com which resolves to (say) 10.0.10.1.
        In turn mycompany.com has two IPs assigned: 10.0.10.1 (same as dc.mycompany.com) and 10.0.10.2.

        I believe that Jenkins resolves dc.mycompany.com and then goes back to a DNS name with a reverse DNS lookup, yielding mycompany.com instead of dc.mycompany.com.
        When it was time to talk with the LDAP server, Jenkins resolved mycompany.com and got either 10.0.10.1 or 10.0.10.2 randomly.
        If it did resolve to the "right" address things worked just fine otherwise LDAP login failed.

        The workaround was to ensure that mycompany.com always resolved to the "right" address with the help of /etc/hosts.
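
A diagnostic for the forward/reverse mismatch suspected in the comment above, as an added example that is not part of the original thread or of Jenkins or the LDAP plugin. The function names, the status labels and the PTR record for 10.0.10.1 are assumptions; the sample DNS data is constructed from the addresses in the comment.

```python
import socket
import sys

def system_forward(name):
    """A-record lookup via the OS resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_reverse(ip):
    """PTR lookup via the OS resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def audit_ldap_host(host, forward=system_forward, reverse=system_reverse):
    """Check whether a reverse lookup can move a client off `host`.

    Returns one finding per address of `host`:
      ok        - the PTR name is `host` itself
      no-ptr    - the address has no PTR record
      renamed   - PTR gives another name that resolves only to host's addresses
      ambiguous - PTR gives another name that also resolves to foreign addresses
    """
    wanted = forward(host)
    findings = []
    for ip in sorted(wanted):
        ptr, extra = reverse(ip), set()
        if ptr is None:
            status = "no-ptr"
        elif ptr.rstrip(".").lower() == host.rstrip(".").lower():
            status = "ok"
        else:
            extra = forward(ptr) - wanted
            status = "ambiguous" if extra else "renamed"
        findings.append({"ip": ip, "ptr": ptr, "status": status, "foreign": sorted(extra)})
    return findings

# Constructed DNS data mirroring the comment; the PTR record is an assumption.
SAMPLE_A = {"dc.mycompany.com": {"10.0.10.1"}, "mycompany.com": {"10.0.10.1", "10.0.10.2"}}
SAMPLE_PTR = {"10.0.10.1": "mycompany.com"}

def audit_sample(host):
    return audit_ldap_host(host, lambda n: SAMPLE_A.get(n, set()), SAMPLE_PTR.get)

if __name__ == "__main__":
    # With a host argument, query the real resolver; otherwise use the sample data.
    result = audit_ldap_host(sys.argv[1]) if len(sys.argv) > 1 else audit_sample("dc.mycompany.com")
    for finding in result:
        print(finding)
```

An `ambiguous` finding for the configured LDAP host means a client that follows the PTR name can land on an address that is not the directory server, which matches the intermittent failures described above.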

        jomu78 Joern Muehlencord added a comment -

        The workaround seems to work here also (even though I think this is kind of a bad hack). On our end ldap.mycompany.com is a load balancer with 5 or 6 servers behind it. So the servers we are talking to have different IP addresses - but ldap has one IP address only and the real servers behind it should be transparent to Jenkins.

        kazikagi Toby Harris added a comment - - edited

        This issue along with the posted workaround occurred/worked in 1.509 as well. LDAP plugin 1.6, Tomcat 7 on Windows Server 2008 R2
        -edit
        Issue has returned. Same error.

        leif81 Leif Gruenwoldt added a comment -

        Possible dupe of JENKINS-4895?


          People

          • Assignee: Unassigned
          • Reporter: jomu78 Joern Muehlencord
          • Votes: 3
          • Watchers: 5