[jira] [Commented] (DIRSTUDIO-1287) Error connecting to LDAPS server

Thu, 19 Aug 2021 03:09:05 -0700 


    [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17401585#comment-17401585
 ] 

Robin commented on DIRSTUDIO-1287:
----------------------------------

I tried this on M16 and it works consistently.

Random tests on M17:
 * Single-click the connection in the Connections view and then expand the DIT 
object in the LDAP Browser view: Does not work - QUEUE_EMPTIED
 * Double-click the connection in the Connections view and wait for it to 
connect: Does not work - QUEUE_EMPTIED
 * Double-click the connection in the Connections view and then expand the DIT 
and Root DSE objects in the LDAP browser view whilst the Progress view shows it 
is trying to connect: Appears to work every time

Strange one, but at least it looks like there's a workaround that allows this 
to work on M17.

> Error connecting to LDAPS server
> --------------------------------
>
>                 Key: DIRSTUDIO-1287
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M17
>            Reporter: Robin
>            Priority: Major
>
> In trying to connect to an LDAP server via TLS I have run into what I believe 
> to be a bug.
> The LDAP server is the built-in one on a Synology NAS with a valid 
> certificate installed.
>  I am able to successfully bind to it using LDAPS on port 636 using 
> javax.naming:
> {code:java}
> Hashtable<String, String> env = new Hashtable<String, String>();
>               env.put(Context.INITIAL_CONTEXT_FACTORY, 
> "com.sun.jndi.ldap.LdapCtxFactory");
>               env.put(Context.PROVIDER_URL, ldapUrl);
>               env.put(Context.SECURITY_AUTHENTICATION, authentication);
>               env.put(Context.SECURITY_PRINCIPAL, bindDN);
>               env.put(Context.SECURITY_CREDENTIALS, password);
>               return new InitialLdapContext (env, null);
> {code}
> However, when trying to connect using Apache Directory Studio I keep getting 
> an error:
> The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue 
> has been emptied, no response was found.
> I started Directory Studio with -Djavax.net.debug=all to see what happens and 
> this is what I found:
>  * There's a bunch of logging which eventually ends with this line:
> {code:java}
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 
> BST|SSLSessionImpl.java:242|Session initialized:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256){code}
>  * It then idles for a while after which this happens:
> {code:java}
> javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
> javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound 
> application data
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLCipher.java:2036|Plaintext before ENCRYPTION (
>   0000: 01 00 15 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
>   0010: 00 00 00                                           ...
> )
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:523|Raw write (
>   0000: 17 03 03 00 23 00 65 A2   9A C7 DD 2C 23 8D 18 75  ....#.e....,#..u
>   0010: 98 7F 17 DD 3B 01 61 36   C8 83 9A E1 0D 41 B0 00  ....;.a6.....A..
>   0020: 07 8D 20 48 EB 1E 31 7B                            .. H..1.
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513 
> BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before 
> receiving peer's close_notify (
> "throwable" : {
>   javax.net.ssl.SSLException: closing inbound before receiving peer's 
> close_notify
>       at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>       at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
>       at 
> java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
>       at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209)
>       at 
> org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
>       at 
> org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
>       at 
> org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
>       at 
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>       at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>       at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>       at java.base/java.lang.Thread.run(Thread.java:834)}
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> {code}
>  * I am then shown the QUEUE_EMPTIED error
> Things I've tried:
>  # Connecting to port 389 without TLS - this works
>  # Upgrading to OpenJDK 16.0.2 - no difference
>  # Restarting the client & server - no difference
> I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS 
> 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

Reply via email to