Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42687

Intermittent login failures PartialResultException using the LDAP catalog (389/686)

    Details

    • Similar Issues:

      Description

      Using the LDAP catalog (usually ports 389/686) I have noticed that hasMore is failing with PartialResultExceptionCaused by: java.net.SocketException: Connection reset intermittently. The funny thing is that if that the user details are always returned and it is just that the search is returning the user result plus the PartialResultException.

      I had difficulties on understanding why this is happening, but according to Spring LDAP it seems that it might be a common situation on some Windows Server. Folks also said that applying a Windows Update might fix the problem.

      The relevant stacktrace is the one posted below.

      2016-12-16 18:26:40.033+0000 [id=161]   WARNING h.p.a.ActiveDirectoryUnixAuthenticationProvider$1#call: Failed to retrieve user information for <USER_ID> javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: <DOMAIN>:636 [Root exception is java.net.SocketException: Connection reset]]
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237)
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:347)
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227)
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189)
          at hudson.plugins.active_directory.LDAPSearchBuilder.searchOne(LDAPSearchBuilder.java:86)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:339)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:265)
          at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
          at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
          at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
          at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
          at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
          at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
          at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:265)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:230)
          at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172)
          at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
          at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
          at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
          at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
          at org.eclipse.jetty.server.Server.handle(Server.java:499)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
          at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.naming.CommunicationException: simple bind failed: <DOMAIN>:636 [Root exception is java.net.SocketException: Connection reset]
          at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:95)
          at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325)
          at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227)
          ... 54 more
      Caused by: java.net.SocketException: Connection reset
          at java.net.SocketInputStream.read(SocketInputStream.java:209)
          at java.net.SocketInputStream.read(SocketInputStream.java:141)
          at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
          at sun.security.ssl.InputRecord.read(InputRecord.java:503)
          at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
          at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
          at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
          at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
          at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
          at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
          at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
          at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
          at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
          at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
          at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
          at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601)
          at javax.naming.spi.NamingManager.processURL(NamingManager.java:381)
          at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361)
          at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333)
          at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:114)
          ... 57 more
      

       

       

       

       

        Attachments

          Activity

          Show
          fbelzunc Félix Belzunce Arcos added a comment - - edited See also: https://github.com/spring-projects/spring-security/commit/150f3d97d017093a51a9e324c0247e2b3e59f97b https://github.com/spring-projects/spring-ldap/issues/152
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Felix Belzunce Arcos
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/LDAPSearchBuilder.java
          http://jenkins-ci.org/commit/active-directory-plugin/bdcfc6a63f73d344b500627f2db0d982aec7ba54
          Log:
          Merge pull request #67 from fbelzunc/JENKINS-42687

          [FIXED JENKINS-42686] Better handle of PartialResultException

          Compare: https://github.com/jenkinsci/active-directory-plugin/compare/943701dbf3d5...bdcfc6a63f73

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Felix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/LDAPSearchBuilder.java http://jenkins-ci.org/commit/active-directory-plugin/bdcfc6a63f73d344b500627f2db0d982aec7ba54 Log: Merge pull request #67 from fbelzunc/ JENKINS-42687 [FIXED JENKINS-42686] Better handle of PartialResultException Compare: https://github.com/jenkinsci/active-directory-plugin/compare/943701dbf3d5...bdcfc6a63f73
          Hide
          fbelzunc Félix Belzunce Arcos added a comment -

          Released in 2.2

          Show
          fbelzunc Félix Belzunce Arcos added a comment - Released in 2.2

            People

            • Assignee:
              fbelzunc Félix Belzunce Arcos
              Reporter:
              fbelzunc Félix Belzunce Arcos
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: