• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ldap-plugin
    • None
    • Platform: All, OS: All

      I have Hudson 1.255 running in tomcat 6.0. Security is enabled in Hudson using
      Hudson's integrated LDAP authentication feature.

      Everything works fine for awhile and as long as I am active on the site.
      However, if I close the browser (firefox 3.0.3) and subsequently attempt to
      access the site after several hours of inactivity I consistently run into the
      following problem:

      Oct 17, 2008 10:46:03 PM hudson.security.LDAPSecurityRealm$1 loadUserByUsername
      WARNING: Failed to search LDAP for username=someuser
      org.acegisecurity.ldap.LdapDataAccessException:
      LdapCallback;directory.mycompany.com:389; socket closed; nested exception is
      javax.naming.ServiceUnavailableException: directory.mycompany.com:389; socket
      closed; remaining name ''
      at
      org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
      at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
      at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246)
      at
      org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119)
      at
      hudson.security.LDAPSecurityRealm$1.loadUserByUsername(LDAPSecurityRealm.java:187)
      at
      hudson.security.UserDetailsServiceProxy.loadUserByUsername(UserDetailsServiceProxy.java:21)
      at
      org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308)
      at
      org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218)
      at
      hudson.security.RememberMeServicesProxy.autoLogin(RememberMeServicesProxy.java:30)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:42)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at
      org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at
      org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at
      org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at
      org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at
      org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:394)
      at
      org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
      at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
      at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
      at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
      at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
      at
      org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
      at
      org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.naming.ServiceUnavailableException:
      directory.mycompany.com:389; socket closed; remaining name ''
      at com.sun.jndi.ldap.Connection.readReply(Connection.java:410)
      at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
      at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
      at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1944)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1806)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1748)
      at
      com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
      at
      com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
      at
      com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
      at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
      at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249)
      at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
      ... 35 more

      Any suggestions? Is there a place where I can configure this problem away?

          [JENKINS-2489] ldap authentication problem in tomcat

          Alan Harder added a comment -

          Test build with spring framework 2.0.5 now updated for near-Hudson-1.350. Kohsuke is against upgrading (due to plugin compatibility issues), so it only has a chance to happen if several people tell us it makes things work in an environment where 1.0.5 fails. Will close this issue soon if there are no responses.

          Alan Harder added a comment - Test build with spring framework 2.0.5 now updated for near-Hudson-1.350. Kohsuke is against upgrading (due to plugin compatibility issues), so it only has a chance to happen if several people tell us it makes things work in an environment where 1.0.5 fails. Will close this issue soon if there are no responses.

          chrisabit added a comment -

          We definitely have EXACTLY the same problem. After session timeouts we get...

          Caused by: javax.naming.ServiceUnavailableException: ldap:389; socket closed; remaining name 'ou=lvmuser'
          at com.sun.jndi.ldap.Connection.readReply(Connection.java:419)
          at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
          at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
          at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
          at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
          at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
          at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
          at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
          at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
          at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249)
          at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
          ... 33 more

          Nothing works. Neither hacking LDAPSecurityRealm.groovy nor setting Connection-Pool parameters. Without a solid bugfix we are LOST. (Maybe we have a chance to meet Evangeline Lilly now

          Furthermore we discovered this (catalina.out):

          Caused by: java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1156)
          at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
          at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474)
          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
          at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
          at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:416)
          at java.lang.Throwable.writeObject(Throwable.java:648)
          at sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945)
          at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461)
          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
          at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
          at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:416)
          at java.lang.Throwable.writeObject(Throwable.java:648)
          at sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945)
          at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461)
          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
          at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:326)
          at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1478)
          at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:948)
          at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:517)
          at org.apache.catalina.session.StandardManager.unload(StandardManager.java:463)
          at org.apache.catalina.session.StandardManager.stop(StandardManager.java:667)
          at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4363)
          at org.apache.catalina.manager.ManagerServlet.stop(ManagerServlet.java:1227)
          at org.apache.catalina.manager.HTMLManagerServlet.stop(HTMLManagerServlet.java:563)
          at org.apache.catalina.manager.HTMLManagerServlet.doGet(HTMLManagerServlet.java:107)

          What we ALSO discovered analysing some DIFFERENT LDAP-Implementations (Netscape...) we saw strange ServiceUnavailableException handlings:

          => Get Connection from pool
          => Perform a LDAP search
          => catch ServiceUnavailableException
          => Try LDAP search AGAIN

          I suppose those paranoia hacks aren't programmed in the org.acegisecurity.ldap implementation...

          chrisabit added a comment - We definitely have EXACTLY the same problem. After session timeouts we get... Caused by: javax.naming.ServiceUnavailableException: ldap:389; socket closed; remaining name 'ou=lvmuser' at com.sun.jndi.ldap.Connection.readReply(Connection.java:419) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) ... 33 more Nothing works. Neither hacking LDAPSecurityRealm.groovy nor setting Connection-Pool parameters. Without a solid bugfix we are LOST. (Maybe we have a chance to meet Evangeline Lilly now Furthermore we discovered this (catalina.out): Caused by: java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1156) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:416) at java.lang.Throwable.writeObject(Throwable.java:648) at sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:416) at java.lang.Throwable.writeObject(Throwable.java:648) at sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:326) at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1478) at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:948) at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:517) at org.apache.catalina.session.StandardManager.unload(StandardManager.java:463) at org.apache.catalina.session.StandardManager.stop(StandardManager.java:667) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4363) at org.apache.catalina.manager.ManagerServlet.stop(ManagerServlet.java:1227) at org.apache.catalina.manager.HTMLManagerServlet.stop(HTMLManagerServlet.java:563) at org.apache.catalina.manager.HTMLManagerServlet.doGet(HTMLManagerServlet.java:107) What we ALSO discovered analysing some DIFFERENT LDAP-Implementations (Netscape...) we saw strange ServiceUnavailableException handlings: => Get Connection from pool => Perform a LDAP search => catch ServiceUnavailableException => Try LDAP search AGAIN I suppose those paranoia hacks aren't programmed in the org.acegisecurity.ldap implementation...

          Alan Harder added a comment -

          chrisabit, what behavior did you see with the spring 2.0.5 test build?

          Alan Harder added a comment - chrisabit, what behavior did you see with the spring 2.0.5 test build?

          Hi,

          thanks for making available the new spring 2.0.5 test build. I will need to set up a test environment and hopefully soon I'll be able to report my findings.

          thanks!

          Andrea Barbieri added a comment - Hi, thanks for making available the new spring 2.0.5 test build. I will need to set up a test environment and hopefully soon I'll be able to report my findings. thanks!

          chrisabit added a comment -

          You mean that http://moshpit.org/hudson.war ? Same problem !

          chrisabit added a comment - You mean that http://moshpit.org/hudson.war ? Same problem !

          chrisabit added a comment -

          Ok - we gave up. Pity. Hudson-LDAP simply doesn't work in our environment. We've created an tomcat valve for authentification & SSO instead. By the way... Nexus LDAP-Auth works on the SAME SYSTEM !!!

          chrisabit added a comment - Ok - we gave up. Pity. Hudson-LDAP simply doesn't work in our environment. We've created an tomcat valve for authentification & SSO instead. By the way... Nexus LDAP-Auth works on the SAME SYSTEM !!!

          Larry Shatzer, Jr. added a comment - - edited

          I have the same problem. Not sure what is causing it, but randomly I'll get this in the log files, and then either I wait a while or restart Hudson to be able to log back in:

          Also, I'm just starting hudson up with java -jar hudson.war, so this is not inside of Tomcat.

          Jun 22, 2010 12:43:11 PM hudson.security.LDAPSecurityRealm$LDAPUserDetailsService loadUserByUsername
          WARNING: Failed to search LDAP for username=lshatzer
          org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com.com:389; socket closed; remaining name 'ou=People,o=company.com'
                  at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
                  at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246)
                  at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119)
                  at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:396)
                  at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308)
                  at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218)
                  at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
                  at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
                  at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
                  at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
                  at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
                  at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
                  at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
                  at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
                  at java.lang.Thread.run(Thread.java:619)
          Caused by: javax.naming.ServiceUnavailableException: ds.company.com:389; socket closed; remaining name 'ou=People,o=company.com'
                  at com.sun.jndi.ldap.Connection.readReply(Connection.java:416)
                  at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
                  at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
                  at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
                  at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
                  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
                  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
                  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
                  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
                  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
                  at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
                  at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
                  ... 22 more
          

          When I try to log in:

          Jun 22, 2010 12:52:44 PM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
          INFO: Login attempt failed
          org.acegisecurity.AuthenticationServiceException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com'; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com'
                  at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238)
                  at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
                  at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
                  at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
                  at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
                  at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
                  at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
                  at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                  at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
                  at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
                  at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
                  at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
                  at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
                  at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
                  at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
                  at java.lang.Thread.run(Thread.java:619)
          Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com'
                  at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128)
                  at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246)
                  at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119)
                  at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71)
                  at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
                  at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
                  ... 19 more
          Caused by: javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com'
                  at com.sun.jndi.ldap.Connection.readReply(Connection.java:416)
                  at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
                  at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
                  at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
                  at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
                  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
                  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
                  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
                  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
                  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
                  at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
                  at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249)
                  at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126)
                  ... 24 more
          

          Larry Shatzer, Jr. added a comment - - edited I have the same problem. Not sure what is causing it, but randomly I'll get this in the log files, and then either I wait a while or restart Hudson to be able to log back in: Also, I'm just starting hudson up with java -jar hudson.war, so this is not inside of Tomcat. Jun 22, 2010 12:43:11 PM hudson.security.LDAPSecurityRealm$LDAPUserDetailsService loadUserByUsername WARNING: Failed to search LDAP for username=lshatzer org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com.com:389; socket closed; remaining name 'ou=People,o=company.com' at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:396) at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.loadUserDetails(TokenBasedRememberMeServices.java:308) at org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.autoLogin(TokenBasedRememberMeServices.java:218) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:104) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:195) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) at java.lang.Thread.run(Thread.java:619) Caused by: javax.naming.ServiceUnavailableException: ds.company.com:389; socket closed; remaining name 'ou=People,o=company.com' at com.sun.jndi.ldap.Connection.readReply(Connection.java:416) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) ... 22 more When I try to log in: Jun 22, 2010 12:52:44 PM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication INFO: Login attempt failed org.acegisecurity.AuthenticationServiceException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com'; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com' at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:238) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:195) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) at java.lang.Thread.run(Thread.java:619) Caused by: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;ldap.company.com:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com' at org.acegisecurity.ldap.LdapTemplate$LdapExceptionTranslator.translate(LdapTemplate.java:295) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:128) at org.acegisecurity.ldap.LdapTemplate.searchForSingleEntry(LdapTemplate.java:246) at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:119) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:71) at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49) at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233) ... 19 more Caused by: javax.naming.ServiceUnavailableException: ldap.company.com:389; socket closed; remaining name 'ou=People,o=company.com' at com.sun.jndi.ldap.Connection.readReply(Connection.java:416) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) at org.acegisecurity.ldap.LdapTemplate$3.doInDirContext(LdapTemplate.java:249) at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:126) ... 24 more

          yrsone added a comment -

          Still not working with Jenkins 1.398 (Standalone).

          Same problem ...

           
          23 févr. 2011 11:44:30 hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
          INFO: Login attempt failed
          org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: *****:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: *****:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine]]
                  at ...
          

          yrsone added a comment - Still not working with Jenkins 1.398 (Standalone). Same problem ... 23 févr. 2011 11:44:30 hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication INFO: Login attempt failed org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: *****:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: *****:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine]] at ...

          seg phault added a comment -

          We have the same issue with Jenkins 1.410 running under Tomcat7 on Server 2008 R2. It seems that Jenkins periodically stops trying to authenticate to the specified server, e.g. derp.mycompany.com, and starts trying to authenticate to mycompany.com.

          seg phault added a comment - We have the same issue with Jenkins 1.410 running under Tomcat7 on Server 2008 R2. It seems that Jenkins periodically stops trying to authenticate to the specified server, e.g. derp.mycompany.com, and starts trying to authenticate to mycompany.com.

          Jesse Glick added a comment -

          If 1.289 changed things, JENKINS-2256 or JENKINS-1475 would be related.

          Jesse Glick added a comment - If 1.289 changed things, JENKINS-2256 or JENKINS-1475 would be related.

            Unassigned Unassigned
            jonathan_w_brown jonathan_w_brown
            Votes:
            10 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: