[Issue 3356] New - DNS lookup failed - Active Directory lookup broken

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[Issue 3356] New - DNS lookup failed - Active Directory lookup broken

subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356
                 Issue #|3356
                 Summary|DNS lookup failed - Active Directory lookup broken
               Component|hudson
                 Version|current
                Platform|PC
              OS/Version|Windows 2000
                     URL|
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P3
            Subcomponent|active-directory
             Assigned to|issues@hudson
             Reported by|subbaer






------- Additional comments from [hidden email] Thu Mar 26 07:51:36 +0000 2009 -------
With version 1.11 the Active Directory lookup does not work anymore in my
set-up. Reverting to 1.9 fixed the problem.

Security:
- Active Directory
- Matrix based security (global settings)

Issue occurs when trying to login.

Even with specifying a domain name in the enhanced attributes it does not work.

Error log:
Mar 26, 2009 8:27:11 AM
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
retrieveUser
WARNING: Failed to bind to LDAP
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name '_ldap._tcp.EMEA'
        at com.sun.jndi.dns.DnsClient.checkResponseCode(DnsClient.java:596)
        at com.sun.jndi.dns.DnsClient.isMatchResponse(DnsClient.java:553)
        at com.sun.jndi.dns.DnsClient.doUdpQuery(DnsClient.java:399)
        at com.sun.jndi.dns.DnsClient.query(DnsClient.java:186)
        at com.sun.jndi.dns.Resolver.query(Resolver.java:64)
        at com.sun.jndi.dns.DnsContext.c_getAttributes(DnsContext.java:413)
        at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
        at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
        at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
        at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:123)
        at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.obtainLDAPServer(ActiveDirectorySecurityRealm.java:156)
        at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.obtainLDAPServer(ActiveDirectorySecurityRealm.java:146)
        at
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:73)
        at
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
        at
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
        at
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
        at
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
        at
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
        at
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:444)
        at
org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:472)
        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)
        at java.lang.Thread.run(Thread.java:619)
Mar 26, 2009 8:27:11 AM hudson.security.AuthenticationProcessingFilter2
onUnsuccessfulAuthentication
INFO: Login attempt failed

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

Kohsuke Kawaguchi
Administrator
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356



User kohsuke changed the following:

                What    |Old value                 |New value
================================================================================
                  Status|NEW                       |STARTED
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Sun Mar 29 04:27:47 +0000 2009 -------
Does your Hudson run on Windows? Did you specify the domain name yourself in the
"advanced" section? If so, what if you remove it?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

subbaer
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356






------- Additional comments from [hidden email] Mon Mar 30 16:18:26 +0000 2009 -------
My Hudson installation runs on a Windows 2000 server.

I tried both variants for 1.11: setting a Domain name in advanced and leaving it
as-is. Both came up with this error.

In my working 1.9 version I haven't set anything (works out-of-the-box).

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

pmv-2
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356



User pmv changed the following:

                What    |Old value                 |New value
================================================================================
              OS/Version|Windows 2000              |other
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Thu May 21 20:53:44 +0000 2009 -------
We have hudson running on Windows 2003 and we were also affected by this bug.

I tried hudson 1.306 and active-directory 1.13 today and the issue was still
there.  However, after I removed the entry from the 'Advanced' section logins
have started working.

After trying a couple more things, it looks like I can fill in the 'Advanced'
section.  However, the domain name must be fully qualified or it will fail and
produce the stack trace.  With the <= 1.9 version of this plugin, our domain
name was not fully qualified and it still worked.

So for those of you out there who are hitting this error, make sure your domain
name is fully qualified.  If this also applies to subbaer, the issue could be
marked as FIXED, but I'm unable to speak for him.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

ricktw
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356






------- Additional comments from [hidden email] Fri May 22 07:05:15 +0000 2009 -------
I can confirm the solution of pmv.
When setting the FULLY QUALIFIED domain name, the plugin works again.

This issue should be changed: the automatic domain detection doesn't work anymore...

gr,
Rick

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

pcampbell-2
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356






------- Additional comments from [hidden email] Mon Jun  8 17:23:47 +0000 2009 -------
*** Issue 3719 has been marked as a duplicate of this issue. ***

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

statlor
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356






------- Additional comments from [hidden email] Thu Jun 11 07:56:04 +0000 2009 -------
I'm having the same problem on WinXP SP3. Upgraded plugin from 1.9 to 1.13, and
all login attempts fail with this stack trace:

Jun 11, 2009 1:31:18 AM
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
retrieveUser
WARNING: Failed to bind to LDAP
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name '_ldap._tcp.COMPANY_DOMAIN'

That is when my domain name is set to COMPANY_DOMAIN (not my actual company
name, but it is two words separated by an underscore). This is what it was set
to before the upgrade, and was working fine.

If I try again with the fully qualified hostname of the AD server running LDAP,
I get a similar error:

Jun 11, 2009 2:45:42 AM
hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
retrieveUser
WARNING: Failed to bind to LDAP
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name '_ldap._tcp.phantom.company.net'

If I do an nslookup from that box, phantom.company.net resolves fine.

Finally, I tried with just 'company.net' for the domain. This one seems to work.
Sounds like something post-1.9 got more restrictive about what it would accept.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

subbaer
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356



User subbaer changed the following:

                What    |Old value                 |New value
================================================================================
                  Status|STARTED                   |RESOLVED
--------------------------------------------------------------------------------
              Resolution|                          |WORKSFORME
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Wed Jun 24 13:47:56 +0000 2009 -------
I confirm, that setting the FQDN (see comments) resolved this issue for me as
well.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3356] DNS lookup failed - Active Directory lookup broken

frizbog
In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=3356



User frizbog changed the following:

                What    |Old value                 |New value
================================================================================
                  Status|RESOLVED                  |REOPENED
--------------------------------------------------------------------------------
              Resolution|WORKSFORME                |
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Tue Jun 30 19:51:31 +0000 2009 -------
Using fully qualified domain does not resolve situation.  It looks like it tries
putting a trailing period on whatever value is put in and thus never resolves
the domain.

Using Hudson 1.311, Active Directory Plugin v1.13.  Downgrading the plugin to to
v1.12 or to v1.9 does not resolve the issue.


Stack trace follows:
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name 'mydomain.corp.mycompany.com.'
        at com.sun.jndi.dns.DnsClient.checkResponseCode(DnsClient.java:596)
        at com.sun.jndi.dns.DnsClient.isMatchResponse(DnsClient.java:553)
        at com.sun.jndi.dns.DnsClient.doUdpQuery(DnsClient.java:399)
        at com.sun.jndi.dns.DnsClient.query(DnsClient.java:186)
        at com.sun.jndi.dns.Resolver.query(Resolver.java:64)
        at com.sun.jndi.dns.DnsContext.c_getAttributes(DnsContext.java:413)
        at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
        at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
        at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
        at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:123)
        at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl$1.check(ActiveDirectorySecurityRealm.java:102)
        at hudson.util.FormFieldValidator.process(FormFieldValidator.java:138)
        at
hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DesciprotrImpl.doDomainCheck(ActiveDirectorySecurityRealm.java:87)
        at sun.reflect.GeneratedMethodAccessor682.invoke(Unknown Source)
....

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]