You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Robin (Jira)" <ji...@apache.org> on 2021/08/19 09:06:00 UTC
[jira] [Created] (DIRSTUDIO-1287) Error connecting to LDAPS server
Robin created DIRSTUDIO-1287:
--------------------------------
Summary: Error connecting to LDAPS server
Key: DIRSTUDIO-1287
URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287
Project: Directory Studio
Issue Type: Bug
Affects Versions: 2.0.0-M17
Reporter: Robin
In trying to connect to an LDAP server via TLS I have run into what I believe to be a bug.
The LDAP server is the built-in one on a Synology NAS with a valid certificate installed.
I am able to successfully bind to it using LDAPS on port 636 using javax.naming:
{code:java}
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
env.put(Context.SECURITY_AUTHENTICATION, authentication);
env.put(Context.SECURITY_PRINCIPAL, bindDN);
env.put(Context.SECURITY_CREDENTIALS, password);
return new InitialLdapContext (env, null);
{code}
However, when trying to connect using Apache Directory Studio I keep getting an error:
The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found.
I started Directory Studio with -Djavax.net.debug=all to see what happens and this is what I found:
* There's a bunch of logging which eventually ends with this line:
{code:java}
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 BST|SSLSessionImpl.java:242|Session initialized: Session(1629363140485|TLS_AES_128_GCM_SHA256){code}
* It then idles for a while after which this happens:
{code:java}
javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2
javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLCipher.java:2036|Plaintext before ENCRYPTION (
0000: 01 00 15 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010: 00 00 00 ...
)
javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:523|Raw write (
0000: 17 03 03 00 23 00 65 A2 9A C7 DD 2C 23 8D 18 75 ....#.e....,#..u
0010: 98 7F 17 DD 3B 01 61 36 C8 83 9A E1 0D 41 B0 00 ....;.a6.....A..
0020: 07 8D 20 48 EB 1E 31 7B .. H..1.
)
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513 BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
at java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209)
at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session: Session(1629363140485|TLS_AES_128_GCM_SHA256)
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session: Session(1629363140485|TLS_AES_128_GCM_SHA256)
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session: Session(1629363140485|TLS_AES_128_GCM_SHA256)
{code}
* I am then shown the QUEUE_EMPTIED error
Things I've tried:
# Connecting to port 389 without TLS - this works
# Upgrading to OpenJDK 16.0.2 - no difference
# Restarting the client & server - no difference
I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org