Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13265

Ldap connection failed - jenkins loosing FQDN of ldap server

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ldap-plugin
    • Jenkins in all 1.4xx versions, Linux X86, SLES 10, Apache Tomcat 7.0.14

      Jenkins is configured to use LDAP login which works perfectly. After some time - some times directly after restarting tomcat - the login fails. When checking catalina.out the attached exception is thrown. The reason for the failed login is clear - Jenkins is configured to connect to ldap.my.domain - but when this happens Jenkins forgets "ldap" and tries to connect to my.domain only - for sure this does not work as this is no valid host name.

      To fix this, we need to restart Tomcat until it failes again.

          [JENKINS-13265] Ldap connection failed - jenkins loosing FQDN of ldap server

          Wrong component as this is not about the AD plugin.

          Kohsuke Kawaguchi added a comment - Wrong component as this is not about the AD plugin.

          1 2 added a comment -

          I was having the same issue and found a workaround.
          In my case the problem was due to a rather weird network configuration.
          LDAP server was dc.mycompany.com which resolves to (say) 10.0.10.1.
          In turn my company.com has two IPs assigned: 10.0.10.1 (same as dc.mycompany.com) and 10.0.10.2.

          I believe that Jenkins resolves dc.mycompany.com and then goes back to DNS name with a reverse DNS lookup yielding my company.com instead of dc.mycompany.com.
          When it was time to talk with LDAP server Jenkins resolved mycompany.com and getting either 10.0.10.1 or 10.0.10.2 randomly.
          If it did resolve to the "right" address things worked just fine otherwise LDAP login failed.

          The workaround was to ensure that mycompany.com always resolved to the "right" address with the help of /etc/hosts.

          1 2 added a comment - I was having the same issue and found a workaround. In my case the problem was due to a rather weird network configuration. LDAP server was dc.mycompany.com which resolves to (say) 10.0.10.1. In turn my company.com has two IPs assigned: 10.0.10.1 (same as dc.mycompany.com) and 10.0.10.2. I believe that Jenkins resolves dc.mycompany.com and then goes back to DNS name with a reverse DNS lookup yielding my company.com instead of dc.mycompany.com. When it was time to talk with LDAP server Jenkins resolved mycompany.com and getting either 10.0.10.1 or 10.0.10.2 randomly. If it did resolve to the "right" address things worked just fine otherwise LDAP login failed. The workaround was to ensure that mycompany.com always resolved to the "right" address with the help of /etc/hosts.

          The workaround seems to work here also (even I think this kind of a bad hack). On our end ldap.mycompany.com is a load balancer with 5 or 6 servers behind. So the servers we are talking have different ip addresses - but ldap has one ip address only and the real servers behind should be transparent to Jenkins.

          Joern Muehlencord added a comment - The workaround seems to work here also (even I think this kind of a bad hack). On our end ldap.mycompany.com is a load balancer with 5 or 6 servers behind. So the servers we are talking have different ip addresses - but ldap has one ip address only and the real servers behind should be transparent to Jenkins.

          Toby Harris added a comment - - edited

          This issue along with the posted workaround occurred/worked in 1.509 as well. LDAP plugin 1.6, Tomcat 7 on Windows server 2008 R2
          -edit
          Issue has returned. Same error.

          Toby Harris added a comment - - edited This issue along with the posted workaround occurred/worked in 1.509 as well. LDAP plugin 1.6, Tomcat 7 on Windows server 2008 R2 -edit Issue has returned. Same error.

          Possible dupe of JENKINS-4895?

          Leif Gruenwoldt added a comment - Possible dupe of JENKINS-4895 ?

            Unassigned Unassigned
            jomu78 Joern Muehlencord
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: