2

I am trying to connect to LDAP Active Directory on Windows Server 2008 using Spring LDAP 1.3.1.RELEASE, and the LDAP config is as follows:

  • LDAP URL: ldap://dc.fabrikam.com
  • username: administrator
  • password: 123456

  • Spring LDAP configuration is as follows:

    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://dc.fabrikam.com" />
        <property name="base" value="dc=fabrikam,dc=com" />
        <property name="userDn" value="CN=administrator,CN=Users,DC=fabrikam,DC=com" />
        <property name="password" value="123456" />

        <property name="baseEnvironmentProperties">
            <map>
                <entry key="java.naming.referral">
                    <value>follow</value>
                </entry>
            </map>
        </property>
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="contextSource" />
    </bean>

  • LDAPContactDAO:

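    import java.util.List;

    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.ldap.core.AttributesMapper;
    import org.springframework.ldap.core.LdapTemplate;
    import org.springframework.stereotype.Service;

    @Service
    public class LDAPContactDAO implements ContactDAO {

        @Autowired
        private LdapTemplate ldapTemplate;

        // Searches from the context source's base DN and returns each entry's cn.
        public List getAllContactNames() {
            return ldapTemplate.search("", "(objectclass=person)",
                    new AttributesMapper() {
                        public Object mapFromAttributes(Attributes attrs)
                                throws NamingException {
                            return attrs.get("cn").get();
                        }
                    });
        }

    }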

  • Debug logs before the exception:

    2012-12-31/15:50:36.425 [localhost-startStop-1] DEBUG AuthenticationSource not set - using default implementation
    2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Not using LDAP pooling
    2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Trying provider Urls: ldap://192.168.1.118/dc=fabrikam,dc=com
    2012-12-31/15:50:37.558 [http-bio-8080-exec-5] DEBUG Got Ldap context on server 'ldap://192.168.1.118/dc=fabrikam,dc=com'

When trying to use the getAllContactNames method, I am getting the following exception:

    org.springframework.ldap.CommunicationException: fabrikam.com.com:389; nested exception is javax.naming.CommunicationException: fabrikam.com.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
    org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

    java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    at com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    at com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

Please advise.

UPDATE:

I managed to connect to Active Directory with JXplorer using the following configuration:

  1. Host: dc.fabrikam.com
  2. Port: 389
  3. Base DN: dc=fabrikam,dc=com
  4. User DN: CN=administrator,CN=Users,DC=fabrikam,DC=com
  5. Password: secret

But I am still getting a timeout with the Spring LDAP connection.

UPDATE2:

The issue is now narrowed down to Spring LDAP, because I tried the above configuration with JNDI and the connection to LDAP works fine, as mentioned here:

ldap search is very slow

I think that the referral property might be the issue.

Mahmoud Saleh
  • Have you tried removing the `:389` at the end of the URL in the second example? Your first example was not supplying the full admin DN, so the authentication attempt was being rejected. The second example appears to be unable to connect to the LDAP server. – ig0774 Dec 31 '12 at 13:03
  • @ig0774, can you please see the latest update? Also, is it possible that I can connect to the LDAP URL from a browser? – Mahmoud Saleh Dec 31 '12 at 13:10
  • Connect to an LDAP URL from a web browser? None I know of support that. However, you can use an LDAP browser, such as [Apache Directory Studio](http://directory.apache.org/studio/) or [JXPlorer](http://jxplorer.org) to try the LDAP url. – ig0774 Dec 31 '12 at 13:13
  • Regarding the update, I notice this is what it's trying to connect to: `fabrikam.com.com:389`. This looks more like a copy-paste issue in the example provided. As I suggested before, could you try changing the `url` property to `ldap://dc.fabrikam.com` (or its un-obfuscated equivalent)? – ig0774 Dec 31 '12 at 13:16
  • @ig0774, I removed the port suffix and am still getting the same error; I updated the question again. – Mahmoud Saleh Dec 31 '12 at 13:18
  • Are you certain `dc.fabrikam.com` is the correct address for the DC? I'd first confirm that `dc.fabrikam.com` can be resolved using DNS. From the Windows command prompt, you can do this with the command `nslookup dc.fabrikam.com`. On *nix, `dig dc.fabrikam.com`. – ig0774 Dec 31 '12 at 13:27
  • Also, try downloading one of the LDAP browsers I suggested and connecting using them. – ig0774 Dec 31 '12 at 13:30
  • nslookup gives the following results: `Server: UnKnown Address: 192.168.1.1 Non-authoritative answer: Name: dc.fabrikam.com Address: 92.242.144.5` – Mahmoud Saleh Dec 31 '12 at 13:32
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/21954/discussion-between-ig0774-and-mahmoud-saleh) – ig0774 Dec 31 '12 at 13:33
  • @ig0774, please see my latest update; I managed to make a successful connection with JXplorer. – Mahmoud Saleh Jan 01 '13 at 09:06
  • @MahmoudSaleh, did you manage to solve this? –  Sep 27 '19 at 11:58

4 Answers

5

We found this issue was due to a non-existent domain controller in DNS. If you're using a domain name instead of IP, do an NSLOOKUP to show all the IPs the domain points to:

    NSLOOKUP fabrikam.com

Ensure all the IPs from NSLOOKUP are reachable on port 389:

    Test-NetConnection 172.30.2.1 -port 389

KERR
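
The check described in this answer, run from the JVM so that it uses the same name resolution as the application (including any hosts-file entries). This is an added example, not code from the original answer; the class name, the 3-second timeout and the default host list (taken from the question's configuration and exception message) are assumptions. It needs Java 7 or later.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;

// Hypothetical diagnostic class: resolves each name to ALL of its addresses
// and tries a TCP connection to the LDAP port on every one of them.
public class LdapReachabilityCheck {

    static final int LDAP_PORT = 389;    // port used in the question
    static final int TIMEOUT_MS = 3000;  // assumption: fail fast instead of the OS default

    // True if a TCP connection to addr:port completes within timeoutMs.
    static boolean canConnect(InetAddress addr, int port, int timeoutMs) {
        try (Socket socket = new Socket()) {
            socket.connect(new InetSocketAddress(addr, port), timeoutMs);
            return true;
        } catch (IOException e) {  // timeouts, refusals and unreachable routes
            return false;
        }
    }

    public static void main(String[] args) {
        // Defaults from the question: the configured DC, the bare domain,
        // and the host name that appears in the exception message.
        String[] names = args.length > 0 ? args
                : new String[] {"dc.fabrikam.com", "fabrikam.com", "fabrikam.com.com"};
        for (String name : names) {
            try {
                // A domain name can map to several domain controllers; one
                // stale record is enough to make some connections time out.
                for (InetAddress addr : InetAddress.getAllByName(name)) {
                    boolean ok = canConnect(addr, LDAP_PORT, TIMEOUT_MS);
                    System.out.printf("%-20s %-16s %s%n", name,
                            addr.getHostAddress(), ok ? "open" : "UNREACHABLE");
                }
            } catch (UnknownHostException e) {
                System.out.printf("%-20s does not resolve%n", name);
            }
        }
    }
}
```

Run it on the host where the Java application is deployed; any address reported as `UNREACHABLE` is a candidate for the stale DNS record described above.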
1

A thousand things could go wrong when connecting to a remote resource. To narrow down the cause proceed as follows:

  • Check the Windows logs (using the Event Viewer)
  • Disable the Windows firewall on dc.fabrikam.com should it be enabled (then make sure port 389 is open)
  • Try to connect to LDAP manually from the host you run the Java app on, like `telnet dc.fabrikam.com 389`
  • If at all possible deploy your Java app on the same host dc.fabrikam.com to rule out connection issues
Marcel Stör
0

To solve this problem, you need to add an LDAP DNS configuration to your computer to allow a Spring connection to the LDAP server.

  • Linux: /etc/hosts

  • Windows: C:\Windows\System32\drivers\etc\hosts

Open cmd to view the LDAP address using the NSLOOKUP command, and then add the LDAP server address to the Windows hosts file as `<server IP> <server host name>`:

Example:

    192.168.1.123 ldap.atlassian.com

becher henchiri
-1

The problem you have is the connection you just have to group these aumetnar seeping into the base, for example your configuration is:

    <property name="base" value="dc=fabrikam,dc=com" />

change to:

    <property name="base" value="ou=grupo,dc=fabrikam,dc=com" />

mabo
  • Incomprehensible. 'Group these aumetnar seeping into the base' is meaningless and contains a non-existent word. – user207421 Oct 10 '17 at 00:15