javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset]

Jenkins JIRA | Jarrett Taylor | 5 years ago
  1. 0

    It appears that Active Directory (and presumably LDAP) authentication fails if the user is a member of a group with special characters in the name. Realistically, retrieveUser fails which makes it look like an authentication issue. To resolve this, the DN of the group needs to be properly escaped before calling context.getAttributes(dn). This is probably related to the incomplete fix applied in JENKINS-3249 (https://issues.jenkins-ci.org/browse/JENKINS-3249). The group that is failing is one we use to test our own LDAP code. It is named: test,+"\<>;=/role Here is the log information related to the authentication failure (with identifying data replaced): Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Exhausted all configured domains and could not authenticat against any. Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Credential exception tying to authenticate against EXAMPLE.COM domain org.acegisecurity.BadCredentialsException: Failed to retrieve user information for example.user; nested exception is javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:180) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) ... 37 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for example.user javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=Working Example,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser FINE: Failed to find example.user in userPrincipalName. Trying sAMAccountName Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind FINE: Bound to b-ad-01.example.com:3269 Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind WARNING: Failed to bind to 10.10.10.10:389 javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:293) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:142) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:168) at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) ... 43 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: _gc._tcp.EXAMPLE.COM resolved to [b-ad-01.example.com:3269, b-ad-01.example.com:3269, c-ad-01.example.com:3269, v-ad-01.example.com:3269, j-ad-01.example.com:3269, s-ms-ad-01.example.com:3269, b-ms-ad-01.example.com:3269] Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: Attempting to resolve _gc._tcp.EXAMPLE.COM to SRV record

    Jenkins JIRA | 5 years ago | Jarrett Taylor
    javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset]
  2. 0

    It appears that Active Directory (and presumably LDAP) authentication fails if the user is a member of a group with special characters in the name. Realistically, retrieveUser fails which makes it look like an authentication issue. To resolve this, the DN of the group needs to be properly escaped before calling context.getAttributes(dn). This is probably related to the incomplete fix applied in JENKINS-3249 (https://issues.jenkins-ci.org/browse/JENKINS-3249). The group that is failing is one we use to test our own LDAP code. It is named: test,+"\<>;=/role Here is the log information related to the authentication failure (with identifying data replaced): Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Exhausted all configured domains and could not authenticat against any. Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Credential exception tying to authenticate against EXAMPLE.COM domain org.acegisecurity.BadCredentialsException: Failed to retrieve user information for example.user; nested exception is javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:180) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) ... 37 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for example.user javax.naming.InvalidNameException: "CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com": [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090709, comment: Error processing name, data 0, v1db0]; remaining name '"CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com"' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:223) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=test\,\+\"\\\<\>\;\=/role,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider resolveGroups FINE: Example User is a member of CN=Working Example,OU=Groups,DC=Example,DC=com Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser FINE: Failed to find example.user in userPrincipalName. Trying sAMAccountName Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind FINE: Bound to b-ad-01.example.com:3269 Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl bind WARNING: Failed to bind to 10.10.10.10:389 javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:293) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:142) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:168) at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) ... 43 more Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: _gc._tcp.EXAMPLE.COM resolved to [b-ad-01.example.com:3269, b-ad-01.example.com:3269, c-ad-01.example.com:3269, v-ad-01.example.com:3269, j-ad-01.example.com:3269, s-ms-ad-01.example.com:3269, b-ms-ad-01.example.com:3269] Feb 27, 2012 11:43:13 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl obtainLDAPServer FINE: Attempting to resolve _gc._tcp.EXAMPLE.COM to SRV record

    Jenkins JIRA | 5 years ago | Jarrett Taylor
    javax.naming.CommunicationException: simple bind failed: 10.10.10.10:389 [Root exception is java.net.SocketException: Connection reset]
  3. Speed up your debug routine!

    Automated exception search integrated into your IDE

  4. 0

    Caused by: java.net.SocketException: Connection reset

    Stack Overflow | 2 years ago | nrvmodi
    org.springframework.security.authentication.AuthenticationServiceException: Error decoding incoming SAML message

  1. r1chjames 2 times, last 20 hours ago
  2. DannyDBag 1 times, last 6 days ago
  3. Aria Pahlavan 9 times, last 2 weeks ago
  4. serious2monkeys 1 times, last 3 weeks ago
  5. tvrmsmith 1 times, last 4 weeks ago
22 more registered users
73 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.net.SocketException

    Connection reset

    at java.net.SocketInputStream.read()
  2. Java RT
    SocketInputStream.read
    1. java.net.SocketInputStream.read(SocketInputStream.java:168)
    1 frame
  3. Java JSSE
    AppOutputStream.write
    1. com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    2. com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    3. com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    4. com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    5. com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
    6. com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    6 frames
  4. Java RT
    LdapCtxFactory.getLdapCtxInstance
    1. java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    2. java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    3. com.sun.jndi.ldap.Connection.writeRequest(Connection.java:396)
    4. com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    5. com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
    6. com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
    7. com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    8. com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    9. com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    9 frames
  5. hudson.plugins.active_directory
    ActiveDirectoryUnixAuthenticationProvider.retrieveUser
    1. hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.bind(ActiveDirectorySecurityRealm.java:293)
    2. hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:142)
    3. hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:116)
    4. hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:83)
    4 frames
  6. Acegi Security Core
    AbstractProcessingFilter.doFilter
    1. org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
    2. org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
    3. org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
    4. org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
    5. org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
    5 frames
  7. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  8. Acegi Security Core
    BasicProcessingFilter.doFilter
    1. org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    1 frame
  9. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  10. jenkins.security
    ApiTokenFilter.doFilter
    1. jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
    1 frame
  11. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  12. Acegi Security Core
    HttpSessionContextIntegrationFilter.doFilter
    1. org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    1 frame
  13. Hudson
    HudsonFilter.doFilter
    1. hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    2. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    3. hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    4. hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    4 frames
  14. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    2 frames
  15. Hudson
    CharacterEncodingFilter.doFilter
    1. hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    1 frame
  16. Glassfish Core
    CoyoteAdapter.service
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
    4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
    5. org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
    6. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
    7. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    8. org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
    9. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    10. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
    10 frames
  17. org.apache.coyote
    AjpProtocol$AjpConnectionHandler.process
    1. org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:301)
    2. org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:183)
    3. org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:169)
    3 frames
  18. Grizzly HTTP
    JIoEndpoint$SocketProcessor.run
    1. org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
    1 frame
  19. Java RT
    Thread.run
    1. java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    2. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    3. java.lang.Thread.run(Thread.java:662)
    3 frames