Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8569

DomainDnsZones UnknownHostException

    Details

    • Type: Bug
    • Status: Reopened (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: ldap-plugin
    • Labels:
      None
    • Environment:
      UNIX - Solaris
    • Similar Issues:

      Description

      Attempting to utilise this plug-in v1.17 with Hudson 1.381 on Solaris I cannot get it to authenticate with the corporate Active Directory.

      It collects all the domain controllers correctly, tries each one and every time I find this error;

      Root exception is javax.naming.CommunicationException: DomainDnsZones.<company intranet>.com:389 [Root exception is java.net.UnknownHostException: DomainDnsZones.<company intranet>.com]]

      Does it need to check this? Could it merely ignore the return value as is done here;
      http://forum.springsource.org/showthread.php?t=95544

      They say they solved it by changing they're code thus :-

      In case someone got stuck I found the solution

      ldapTemplate.setIgnorePartialResultException(true) ;
      or
      <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate" >
      <property name="ignorePartialResultException" value="true"></property>
      <constructor-arg ref="contextSource" />
      </bean>

      • david

        Attachments

          Activity

          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          Please report the entire stack trace, not just the top line. But if my hunch is right, the "Plugin shouldn't requre A reocrd on the domain" fix in the upcoming 1.21 have fixed this.

          Show
          kohsuke Kohsuke Kawaguchi added a comment - Please report the entire stack trace, not just the top line. But if my hunch is right, the "Plugin shouldn't requre A reocrd on the domain" fix in the upcoming 1.21 have fixed this.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          The issue appears in jenkins-1.532 and ldap-1.6

          Configuration:

           <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
              <server>XXXX</server>
              <rootDN>DC=XXXX,DC=XXXX,DC=com</rootDN>
              <inhibitInferRootDN>false</inhibitInferRootDN>
              <userSearchBase></userSearchBase>
              <userSearch>XXXX={0}</userSearch>
              <managerDN>ldapuser@XXXX/managerDN>
              <managerPassword>XXXX</managerPassword>
              <disableMailAddressResolver>false</disableMailAddressResolver>
              <cache>
                <size>50</size>
                <ttl>3600</ttl>
              </cache>
            </securityRealm>
          

          Stacktrace:

          INFO: Login attempt failed
          org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]]
                  at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
                  at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
                  at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
                  at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)
                  at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74)
                  at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
                  at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
                  at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
                  at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
                  at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
                  at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
                  at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
                  at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
                  at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
                  at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
                  at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
                  at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
                  at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
                  at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
                  at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
                  at java.util.concurrent.FutureTask.run(Unknown Source)
                  at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
                  at java.lang.Thread.run(Unknown Source)
          Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]]
                  at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
                  at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246)
                  at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119)
                  at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71)
                  at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
                  at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
                  ... 32 more
          Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]]
                  at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
                  at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
                  at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:257)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
                  ... 37 more
          Caused by: javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]
                  at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
                  at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
                  at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
                  ... 41 more
          Caused by: java.net.ConnectException: Connection timed out
                  at java.net.PlainSocketImpl.socketConnect(Native Method)
                  at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
                  at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
                  at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
                  at java.net.SocksSocketImpl.connect(Unknown Source)
                  at java.net.Socket.connect(Unknown Source)
                  at java.net.Socket.connect(Unknown Source)
                  at java.net.Socket.<init>(Unknown Source)
          
          Show
          oleg_nenashev Oleg Nenashev added a comment - The issue appears in jenkins-1.532 and ldap-1.6 Configuration: <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6"> <server>XXXX</server> <rootDN>DC=XXXX,DC=XXXX,DC=com</rootDN> <inhibitInferRootDN>false</inhibitInferRootDN> <userSearchBase></userSearchBase> <userSearch>XXXX={0}</userSearch> <managerDN>ldapuser@XXXX/managerDN> <managerPassword>XXXX</managerPassword> <disableMailAddressResolver>false</disableMailAddressResolver> <cache> <size>50</size> <ttl>3600</ttl> </cache> </securityRealm> Stacktrace: INFO: Login attempt failed org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]] at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:74) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]] at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) ... 32 more Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out]] at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source) at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:257) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) ... 37 more Caused by: javax.naming.CommunicationException: DomainDnsZones.internal.synopsys.com:389 [Root exception is java.net.ConnectException: Connection timed out] at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source) at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source) ... 41 more Caused by: java.net.ConnectException: Connection timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.<init>(Unknown Source)
          Hide
          iaon Ivan Onushkin added a comment -

          Confirm on Jenkins ver. 1.598 ldap-1.8

          But looks like the problem has gone after change ldap server value from "ldap.company.com" to "ldap://ldap.company.com"

          Show
          iaon Ivan Onushkin added a comment - Confirm on Jenkins ver. 1.598 ldap-1.8 But looks like the problem has gone after change ldap server value from "ldap.company.com" to "ldap://ldap.company.com"

            People

            • Assignee:
              Unassigned
              Reporter:
              landau351 landau351
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: