directory-api mailing list archives

From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: NPE in ERR_04122_SSL_CONTEXT_INIT_FAILURE Failed to initialize the SSL context
Date Fri, 26 Apr 2019 16:49:48 GMT
Good to see you have found the root cause of your issue. May I ask you to
fill a JIRA for the NPE so that we don’t forget to fix it?

Many thanks!

On Fri, Apr 26, 2019 at 17:55, Michael Barkdoll <mabarkdoll@gmail.com> wrote:

> I tried removing the valid=10s from the docker swarm dns resolver to see if
> it makes a difference, but I still received an error [1] after several
> successful ldap logins.  I noticed this error states:
>
> org.apache.mina.core.RuntimeIoException: Failed to get the session.
> Caused by: java.net.NoRouteToHostException: No route to host
>
> So, I made a bash script to check if there were any routing issues.
>
> ```
> while true; do
> nc -w 3 -z -v ad.uni.edu 636; echo $?
> sleep 1;
> done
> ```
> Output:
> Warning: inverse host lookup failed for 10.10.0.19: Unknown host
> ad.uni.edu [10.10.0.19] 636 (?) : No route to host
>
> I think one of the servers in the DNS entry is bad! I had hard coded Apache
> Guacamole to only connect to a good one, but I think the Apache Ldap is
> doing a bind with the DNS entry provided by the ldap-user-base-dn:
> dc=ad,dc=uni,dc=edu in apache guacamole.  I'm going to email our windows
> folks and see if they can get that server out of the DNS entry since I
> think it is the cause.
>
> [1]
> https://gist.github.com/michaelbarkdoll/bc8ae3b13b1a20dd4ac259d6c20c011c
>
> Michael Barkdoll
>
>
> On Fri, Apr 26, 2019 at 10:06 AM Michael Barkdoll <mabarkdoll@gmail.com>
> wrote:
>
> > The ldap server is active directory 2016.
> >
> > The code that is using the directory ldap api is from a tomcat .WAR
> > (apache guacamole) [1].  I forked [1] and customized the jira/234 PR to
> > support ldap and nginx websocket load balancing in this repo [2] according
> > to apache guacamole's documentation.   I'm using docker swarm to set up an
> > overlay network between an nginx reverse proxy to two separate apache
> > guacamole tomcat servlets.  The nginx reverse proxy nginx.conf file is
> > provided here [3].
> >
> > You're correct that userX log entries are successful ldap login attempts
> > that I do to the tomcat .WAR and then I immediately logout and back in
> > another time until the error occurs.  What would be causing the handshake
> > to not end?
> >
> > [1] https://github.com/apache/guacamole-client
> > [2] https://github.com/michaelbarkdoll/guacamole-client/tree/jira/234
> > [3]
> > https://gist.github.com/michaelbarkdoll/d78614635fa0432ab08100d05f1a4919
> >
> > Michael Barkdoll
> >
> >
> >
> > On Fri, Apr 26, 2019 at 12:26 AM Stefan Seelmann <mail@stefan-seelmann.de>
> > wrote:
> >
> >> On 4/26/19 7:09 AM, Emmanuel Lecharny wrote:
> >> >> ERR_04122_SSL_CONTEXT_INIT_FAILURE Failed to initialize the SSL context
> >> >>
> >> >> java.lang.NullPointerException: null
> >> >> at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:689)
> >> >
> >> >
> >> > It seems, from the code, that the connection times out. The NPE is
> >> > unfortunate -and we will fix it- but it’s just masking the real cause: the
> >> > handshake never ends.
> >> >
> >> > What is the scenario you are running?
> >>
> >> Especially, which LDAP server do you use?
> >>
> >> In error3.txt and error4.txt I see multiple log messages "User "userX"
> >> successfully authenticated". Does that mean in those cases the
> >> connection to LDAP worked and it only fails randomly? It seems there are
> >> multiple threads involved, so maybe it's a concurrency issue...
> >>
> >>
> >>
> >>
> >>
>
-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
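
The quoted `nc` loop tests whichever address the resolver returns on each pass, so a single bad server behind the name only shows up intermittently. The script below is an added example, not part of the thread or of the Apache Directory or Guacamole code: it resolves the name once and probes every address separately on the LDAPS port. The function names are hypothetical, and it assumes `getent` and an `nc` that supports `-z` are available.

```shell
#!/bin/sh
# Added example: probe every address behind a DNS name on the LDAPS port.
# ad.uni.edu and port 636 come from the thread; function names are hypothetical.

# Print each distinct IPv4 address the name resolves to, one per line.
resolve_addrs() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Return 0 if a TCP connection to address $1, port $2 succeeds within 3 seconds
# (same nc flags as the loop in the quoted message).
probe() {
    nc -w 3 -z "$1" "$2" >/dev/null 2>&1
}

# Probe every address of host $1 on port $2.
# Prints "OK <addr>" or "FAIL <addr>" per address; returns 1 if any address
# failed or the name did not resolve at all.
check_all() {
    host=$1 port=$2 rc=0
    addrs=$(resolve_addrs "$host")
    if [ -z "$addrs" ]; then
        echo "NORESOLVE $host"
        return 1
    fi
    for addr in $addrs; do
        if probe "$addr" "$port"; then
            echo "OK $addr"
        else
            echo "FAIL $addr"
            rc=1
        fi
    done
    return $rc
}

# Run only when a host name is given, e.g.: sh check_ldaps.sh ad.uni.edu 636
if [ "$#" -ge 1 ]; then
    check_all "$1" "${2:-636}"
fi
```

A `FAIL` line identifies the address to report to the DNS administrators; a TCP success here says nothing about the TLS handshake itself, only that the port is reachable.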
