LDAP Authentication: Failed to fetch ldap entry

RHEL 6.2 Nuxeo 5.8

Hello,

I have an issue that is not systematicaly.

Sometimes, I can't connect to the Nuxeo Plateform.

My chrome navigator answers me this:

“The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /nuxeo/nxstartup.faces.

Reason: Error reading from remote server”

Here' my log in Nuxeo: 2014-03-07 15:48:47,658 ERROR [http-bio-0.0.0.0-8080-exec-23] [org.nuxeo.ecm.platform.login.NuxeoLoginModule] Authentication failed: failed to fetch the ldap entry for somename org.nuxeo.ecm.directory.DirectoryException: failed to fetch the ldap entry for somename

    at org.nuxeo.ecm.directory.ldap.LDAPSession.authenticate(LDAPSession.java:1014)
    at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkUsernamePassword(UserManagerImpl.java:382)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:321)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:210)
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:261)
    at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
    at sun.reflect.GeneratedMethodAccessor2335.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:290)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:550)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:35)
    at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:119)
    at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:33)
    at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:410)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsFilter.doFilter(NuxeoCorsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:79)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:69)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

Caused by: javax.naming.CommunicationException: Connexion terminée par expiration du délai d'attente [Root exception is java.net.SocketException: Connexion terminée par expiration du délai d'attente]; remaining name 'ou=qqq,ou=xxxxx,ou=eeee,o=ffff,c=fr'

    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2003)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
    at sun.reflect.GeneratedMethodAccessor604.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.nuxeo.ecm.directory.ldap.LdapRetryHandler.invoke(LdapRetryHandler.java:59)
    at com.sun.proxy.$Proxy178.search(Unknown Source)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.getLdapEntry(LDAPSession.java:303)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.getLdapEntry(LDAPSession.java:272)
    at org.nuxeo.ecm.directory.ldap.LDAPSession.authenticate(LDAPSession.java:1012)
    ... 45 more

Caused by: java.net.SocketException: Connexion terminée par expiration du délai d'attente

    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:152)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
    at com.sun.jndi.ldap.Connection.run(Connection.java:853)
    ... 1 more

2014-03-07 15:48:47,660 INFO [http-bio-0.0.0.0-8080-exec-23] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Login failed for somename Caused by: javax.naming.CommunicationException: Connexion terminée

Thanks for your help.

Regards.

0 votes

1 answers

1346 views

ANSWER



Connexion terminée par expiration du délai d'attente

I'd say it's a question of LDAP latency and request timeout.

You can configure a query time limit on the directories' LDAP extension point. See “queryTimeLimit“. However the timeout may occur on the LDAP side.

0 votes



Thanks for your help.

My Query time limit is 0.

I try this right now…

I've found something in your Git, too, but it was for previous version…

I'll keep you informed.

Regards

03/11/2014