javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'

Jenkins JIRA | Jon Wiswall | 3 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    Logs show that the plugin has correctly matched my username against the right DC and authenticated correctly. All my groups are printed along with some additional ldap content. Then there's a two minute gap in the logs around Stage 2: {noformat} Apr 22, 2014 11:46:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider Stage 2: looking up via memberOf Apr 22, 2014 11:48:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider CN=Jon Wiswall,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc> is a member of cn: <group name> {noformat} After the 2-minute break the log prints the first 20 or so of my ~150 group memberships. Looks like the LDAP server gives up at this point: {noformat} Failed to retrieve user information for <username> javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456) {noformat} ... which then fails the Jenkins login with an authentication failed message. I'm sure this is to do with our large Active Directory deployment. Could the plugin only check the username/pw combo, and then if matrix or project-based security is enabled, check if the named groups are present? The initial auth step (which dumps all the groups anyhow) is super fast. (Note: marked bug as 'minor' but I can't really point my team at my Jenkins instance until this works.)

    Jenkins JIRA | 3 years ago | Jon Wiswall
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'
  2. 0

    Logs show that the plugin has correctly matched my username against the right DC and authenticated correctly. All my groups are printed along with some additional ldap content. Then there's a two minute gap in the logs around Stage 2: {noformat} Apr 22, 2014 11:46:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider Stage 2: looking up via memberOf Apr 22, 2014 11:48:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider CN=Jon Wiswall,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc> is a member of cn: <group name> {noformat} After the 2-minute break the log prints the first 20 or so of my ~150 group memberships. Looks like the LDAP server gives up at this point: {noformat} Failed to retrieve user information for <username> javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456) {noformat} ... which then fails the Jenkins login with an authentication failed message. I'm sure this is to do with our large Active Directory deployment. Could the plugin only check the username/pw combo, and then if matrix or project-based security is enabled, check if the named groups are present? The initial auth step (which dumps all the groups anyhow) is super fast. (Note: marked bug as 'minor' but I can't really point my team at my Jenkins instance until this works.)

    Jenkins JIRA | 3 years ago | Jon Wiswall
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'
  3. 0

    Causes for instant Timelimit error when accessing AD via java

    Stack Overflow | 4 years ago | DavidA
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name ''
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    [JIRA] [active-directory-plugin] (JENKINS-33213) TimeLimitExceededException produces "Automatic" group lookup strategy not to work

    Google Groups | 1 year ago | fbelzunc@gmail.com (JIRA)
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com'
  6. 0

    The following stacktrace seems to produce active directory plugin not to fallback into recursive strategy. Workaround is to change the strategy to recursive in the plugin configuration. {code:java} Feb 23, 2016 9:31:54 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for xxxx javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3143) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:533) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.chainGroupLookup(ActiveDirectoryUnixAuthenticationProvider.java:478) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:438) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:318) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:219) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:163) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(ActiveDirectorySecurityRealm.java:666) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.cloudbees.opscenter.server.sso.RemoteSecurityRealmImpl.authenticate(RemoteSecurityRealmImpl.java:200) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:608) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:583) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:542) at hudson.remoting.UserRequest.perform(UserRequest.java:120) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:326) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at org.jenkinsci.remoting.CallableDecorator.call(CallableDecorator.java:18) at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) {code}

    Jenkins JIRA | 1 year ago | FĂ©lix Belzunce Arcos
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com'

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.naming.TimeLimitExceededException

      [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'

      at com.sun.jndi.ldap.LdapCtx.mapErrorCode()
    2. Java RT
      LdapNamingEnumeration.hasMore
      1. com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      2. com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      3. com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      4. com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source)
      5. com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
      6. com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
      6 frames
    3. hudson.plugins.active_directory
      ActiveDirectoryUnixAuthenticationProvider.parseMembers
      1. hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456)
      1 frame