javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'

Jenkins JIRA | Jon Wiswall | 3 years ago
  1. 0

    Logs show that the plugin has correctly matched my username against the right DC and authenticated correctly. All my groups are printed along with some additional ldap content. Then there's a two minute gap in the logs around Stage 2: {noformat} Apr 22, 2014 11:46:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider Stage 2: looking up via memberOf Apr 22, 2014 11:48:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider CN=Jon Wiswall,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc> is a member of cn: <group name> {noformat} After the 2-minute break the log prints the first 20 or so of my ~150 group memberships. Looks like the LDAP server gives up at this point: {noformat} Failed to retrieve user information for <username> javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456) {noformat} ... which then fails the Jenkins login with an authentication failed message. I'm sure this is to do with our large Active Directory deployment. Could the plugin only check the username/pw combo, and then if matrix or project-based security is enabled, check if the named groups are present? The initial auth step (which dumps all the groups anyhow) is super fast. (Note: marked bug as 'minor' but I can't really point my team at my Jenkins instance until this works.)

    Jenkins JIRA | 3 years ago | Jon Wiswall
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'
  2. 0

    Logs show that the plugin has correctly matched my username against the right DC and authenticated correctly. All my groups are printed along with some additional ldap content. Then there's a two minute gap in the logs around Stage 2: {noformat} Apr 22, 2014 11:46:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider Stage 2: looking up via memberOf Apr 22, 2014 11:48:27 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider CN=Jon Wiswall,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc> is a member of cn: <group name> {noformat} After the 2-minute break the log prints the first 20 or so of my ~150 group memberships. Looks like the LDAP server gives up at this point: {noformat} Failed to retrieve user information for <username> javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456) {noformat} ... which then fails the Jenkins login with an authentication failed message. I'm sure this is to do with our large Active Directory deployment. Could the plugin only check the username/pw combo, and then if matrix or project-based security is enabled, check if the named groups are present? The initial auth step (which dumps all the groups anyhow) is super fast. (Note: marked bug as 'minor' but I can't really point my team at my Jenkins instance until this works.)

    Jenkins JIRA | 3 years ago | Jon Wiswall
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'
  3. 0

    Causes for instant Timelimit error when accessing AD via java

    Stack Overflow | 4 years ago | DavidA
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name ''
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    [JIRA] [active-directory-plugin] (JENKINS-33213) TimeLimitExceededException produces "Automatic" group lookup strategy not to work

    Google Groups | 9 months ago | fbelzunc@gmail.com (JIRA)
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com'
  6. 0

    The following stacktrace seems to produce active directory plugin not to fallback into recursive strategy. Workaround is to change the strategy to recursive in the plugin configuration. {code:java} Feb 23, 2016 9:31:54 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser WARNING: Failed to retrieve user information for xxxx javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3143) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216) at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:533) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.chainGroupLookup(ActiveDirectoryUnixAuthenticationProvider.java:478) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:438) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:318) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:219) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:163) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.authenticate(ActiveDirectorySecurityRealm.java:666) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.cloudbees.opscenter.server.sso.RemoteSecurityRealmImpl.authenticate(RemoteSecurityRealmImpl.java:200) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:608) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:583) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:542) at hudson.remoting.UserRequest.perform(UserRequest.java:120) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:326) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at org.jenkinsci.remoting.CallableDecorator.call(CallableDecorator.java:18) at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21) at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) {code}

    Jenkins JIRA | 9 months ago | FĂ©lix Belzunce Arcos
    javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xxx,DC=xx,DC=company,DC=com'

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.naming.TimeLimitExceededException

      [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=<dc>,DC=<dc>,DC=<dc>,DC=<dc>'

      at com.sun.jndi.ldap.LdapCtx.mapErrorCode()
    2. Java RT
      LdapNamingEnumeration.hasMore
      1. com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      2. com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      3. com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      4. com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source)
      5. com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
      6. com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
      6 frames
    3. hudson.plugins.active_directory
      ActiveDirectoryUnixAuthenticationProvider.parseMembers
      1. hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456)
      1 frame