java.net.ConnectException: Connection timed out when connecting to ldap

3
votes

i am trying to connect to ldap active directory on windows server 2008 using spring ldap 1.3.1.RELEASE and ldap config is as follows:

  • ldap url is: ldap://dc.fabrikam.com
  • username: administrator
  • password: 123456

- spring ldap configuration is as follows:

    <bean id="contextSource" 
    class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://dc.fabrikam.com" />
    <property name="base" value="dc=fabrikam,dc=com" />     
    <property name="userDn" value="CN=administrator,CN=Users,DC=fabrikam,DC=com" />     
    <property name="password" value="123456" />


    <property name="baseEnvironmentProperties">
    <map>
        <entry key="java.naming.referral">
            <value>follow</value>
        </entry>
    </map>
    </property>

</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>

  • LDAPContactDAO:

    @Service
public class LDAPContactDAO implements ContactDAO {

@Autowired
private LdapTemplate ldapTemplate;

public List getAllContactNames() {
    return ldapTemplate.search("", "(objectclass=person)",
            new AttributesMapper() {
                public Object mapFromAttributes(Attributes attrs)
                        throws NamingException {
                    return attrs.get("cn").get();
                }
            });
}

}

-debugs before the exception:

2012-12-31/15:50:36.425 [localhost-startStop-1] DEBUG AuthenticationSource not set - using default implementation
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Not using LDAP pooling
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Trying provider Urls: ldap://192.168.1.118/dc=fabrikam,dc=com
2012-12-31/15:50:37.558 [http-bio-8080-exec-5] DEBUG Got Ldap context on server 'ldap://192.168.1.118/dc=fabrikam,dc=com'

when trying to use the getAllContactNames method, i am getting the following exception:

org.springframework.ldap.CommunicationException: fabrikam.com.com:389; nested exception is javax.naming.CommunicationException: fabrikam.com.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    at com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    at com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

please advise.

UPDATE:

I managed to connect to active directory with jxplorer using the following configuration:

  1. Host: dc.fabrikam.com
  2. Port: 389
  3. Base DN: dc=fabrikam,dc=com
  4. User DN: CN=administrator,CN=Users,DC=fabrikam,DC=com
  5. Password: secret

but i still getting timeout with spring ldap connection.

UPDATE2:

the issue is now narrowed to spring ldap because i tried the above configuration with JNDI and connection to ldap works fine as mentioned in here:

ldap search is very slow

i think that the referral property might be the issue.

4
springactive-directoryldapspring-ldap
Have you tried removing the :389 at the end of the URL in the second example? Your first example was not supplying the full admin DN, so the authentication attempt was being rejected. The second example appears to be unable to connect to the LDAP server.ig0774
@ig0774, can you please see the latest update ? also is it possible that i can connect to the ldap url from browser ?Mahmoud Saleh
Connect to an LDAP URL from a web browser? None I know of support that. However, you can use an LDAP browser, such as Apache Directory Studio or JXPlorer to try the LDAP url.ig0774
Regarding the update, I notice this is what it's trying to connect to: fabrikam.com.com:389. This looks more like a copy-paste issue in the example provided. As I suggested before, could you try changing the url property to ldap://dc.fabrikam.com (or it's un-obfuscated equivalent)?ig0774
@ig0774, i removed the port suffix and still getting same error, i updated the question again.Mahmoud Saleh

4 Answers

4
votes

We found this issue was due to a non-existent domain controller in DNS. If you're using a domain name instead of IP, do an NSLOOKUP to show all the IPs the domain points to: 

NSLOOKUP fabrikam.com

Ensure all the IPs from NSLOOKUP are reachable on port 389:

Test-NetConnection 172.30.2.1 -port 389
1
votes

A thousand things could go wrong when connecting to a remote resource. To narrow down the cause proceed as follows:

  • Check the Windows logs (using the Event Viewer)
  • Disable the Windows firewall on dc.fabrikam.com should it be enabled (then make sure port 389 is open)
  • Try to connect to LDAP from the host you run the Java app manually like telnet dc.fabrikam.com 389
  • If at all possible deploy your Java app on the same host dc.fabrikam.com to rule out connection issues
0
votes

to solve this problem, you need to add an LDAP DNS configuration to your computer to allow a spring connection to the LDAP server.

  • Linux: / etc / hosts

  • Windows: C: \ Windows \ System32 \ drivers \ etc \ hosts

Open cmd to view the LDAP address using the NSLOOKUP command, and then add the ldap server address to the windows hosts file as <server IP> <server host name>:

Example:

192.168.1.123 ldap.atlassian.com

-1
votes

The problem you have is the connection you just have to group these aumetnar seeping into the base, for example your configuration is:

<property name="base" value="dc=fabrikam,dc=com" />

change to:

<property name="base" value="ou=grupo,dc=fabrikam,dc=com" />