Posted to dev@directory.apache.org by "Robin (Jira)" <ji...@apache.org> on 2021/08/19 10:09:00 UTC

[jira] [Commented] (DIRSTUDIO-1287) Error connecting to LDAPS server

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17401585#comment-17401585 ] 

Robin commented on DIRSTUDIO-1287:
----------------------------------

I tried this on M16 and it works consistently.

Random tests on M17:
 * Single-click the connection in the Connections view and then expand the DIT object in the LDAP Browser view: Does not work - QUEUE_EMPTIED
 * Double-click the connection in the Connections view and wait for it to connect: Does not work - QUEUE_EMPTIED
 * Double-click the connection in the Connections view and then expand the DIT and Root DSE objects in the LDAP browser view whilst the Progress view shows it is trying to connect: Appears to work every time

Strange one, but at least it looks like there's a workaround that allows this to work on M17.

> Error connecting to LDAPS server
> --------------------------------
>
>                 Key: DIRSTUDIO-1287
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M17
>            Reporter: Robin
>            Priority: Major
>
> In trying to connect to an LDAP server via TLS I have run into what I believe to be a bug.
> The LDAP server is the built-in one on a Synology NAS with a valid certificate installed.
>  I am able to successfully bind to it using LDAPS on port 636 using javax.naming:
> {code:java}
> Hashtable<String, String> env = new Hashtable<String, String>();
> env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.PROVIDER_URL, ldapUrl);
> env.put(Context.SECURITY_AUTHENTICATION, authentication);
> env.put(Context.SECURITY_PRINCIPAL, bindDN);
> env.put(Context.SECURITY_CREDENTIALS, password);
> return new InitialLdapContext(env, null);
> {code}
> However, when trying to connect using Apache Directory Studio I keep getting an error:
> The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found.
> I started Directory Studio with -Djavax.net.debug=all to see what happens and this is what I found:
>  * There's a bunch of logging which eventually ends with this line:
> {code:java}
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 BST|SSLSessionImpl.java:242|Session initialized:  Session(1629363140485|TLS_AES_128_GCM_SHA256){code}
>  * It then idles for a while after which this happens:
> {code:java}
> javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
> javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLCipher.java:2036|Plaintext before ENCRYPTION (
>   0000: 01 00 15 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
>   0010: 00 00 00                                           ...
> )
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:523|Raw write (
>   0000: 17 03 03 00 23 00 65 A2   9A C7 DD 2C 23 8D 18 75  ....#.e....,#..u
>   0010: 98 7F 17 DD 3B 01 61 36   C8 83 9A E1 0D 41 B0 00  ....;.a6.....A..
>   0020: 07 8D 20 48 EB 1E 31 7B                            .. H..1.
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513 BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
> "throwable" : {
>   javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
>   	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>   	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>   	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
>   	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
>   	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
>   	at java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
>   	at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209)
>   	at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485)
>   	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>   	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
>   	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
>   	at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
>   	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>   	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
>   	at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251)
>   	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142)
>   	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
>   	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
>   	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>   	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>   	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>   	at java.base/java.lang.Thread.run(Thread.java:834)}
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session:  Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session:  Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|SSLSessionImpl.java:784|Invalidated session:  Session(1629363140485|TLS_AES_128_GCM_SHA256)
> {code}
>  * I am then shown the QUEUE_EMPTIED error
> Things I've tried:
>  # Connecting to port 389 without TLS - this works
>  # Upgrading to OpenJDK 16.0.2 - no difference
>  # Restarting the client & server - no difference
> I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
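
An added example, not part of the original report or of Directory Studio: a small triage script that reads -Djavax.net.debug=all output like the log quoted above and reports how long the connection sat idle between the completed handshake and the local close, and whether the session ended without the peer's close_notify. The function names and marker table are this example's own; the sample lines are the event lines from the report with hex dumps and the stack trace left out.

```python
from datetime import datetime

# Event lines taken from the report's javax.net.debug output.
SAMPLE = """\
javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 BST|SSLSessionImpl.java:242|Session initialized:  Session(1629363140485|TLS_AES_128_GCM_SHA256)
javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"""

# Substrings that identify the events of interest in the message field.
MARKERS = {
    "handshake_done": "Session initialized",
    "local_close": "Closing outbound of SSLEngine",
    "data_dropped": "ignore outbound application data",
    "no_close_notify": "before receiving peer's close_notify",
}

def parse(text):
    """Yield (timestamp, thread, message) for each javax.net.ssl record."""
    for line in text.splitlines():
        line = line.lstrip("> ").strip()          # tolerate mail-quoted logs
        if not line.startswith("javax.net.ssl|"):
            continue                              # hex dump, stack frame, ")"
        parts = line.split("|", 6)                # message may itself contain "|"
        if len(parts) != 7:
            continue
        _, _level, _tid, thread, ts, _src, msg = parts
        # Drop the zone abbreviation ("BST"); only intervals are compared.
        yield datetime.strptime(ts[:23], "%Y-%m-%d %H:%M:%S.%f"), thread, msg

def timeline(text):
    """Flag which events occurred and measure handshake-to-close idle time."""
    seen = {}
    for when, thread, msg in parse(text):
        for name, needle in MARKERS.items():
            if needle in msg and name not in seen:
                seen[name] = (when, thread)
    out = {name: name in seen for name in MARKERS}
    if out["handshake_done"] and out["local_close"]:
        gap = seen["local_close"][0] - seen["handshake_done"][0]
        out["idle_seconds"] = gap.total_seconds()
        out["closing_thread"] = seen["local_close"][1]
    return out

if __name__ == "__main__":
    for key, value in timeline(SAMPLE).items():
        print(f"{key}: {value}")
```
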
