Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-17449

LdapUserManager - User: null not found trying to load outreach content after ldap timeout exceeded

    Details

      Description

      Summary

      OutreachComponent checks if "null" user exists in external realms and has admin role.

      Reproduce

      Configure an LDAP server to a remote which cannot be reached ( or is having temporary problems OR cannot find the userid you will enter at signin). LDAP realm enabled.
      Make the LDAP connect timeout 60 seconds or greater.
      The UI timeout is fixed at 60 seconds and this cannot be changed. See NEXUS-12033.
      Signin as the default admin user in the default realm.
      After 60 seconds, you start seeing Operation failed as server could not be contacted failed messages in the UI - even though you successfully signin and are browsing the admin ui as admin user.

      The messages repeat twice in the UI.

      At regular log levels, you will see something like this in the nexus.log - twice - spaced 60 seconds apart:

      2018-06-20 15:45:57,549-0300 WARN [pool-21-thread-15] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server:
      org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users.

      At debug log levels for org.sonatype.nexus.ldap you see 2 more like these, spaced 60 seconds apart in groups of 2

      2018-06-20 15:45:57,552-0300 DEBUG [pool-21-thread-15] *UNKNOWN org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager - Failed to find user: null
      org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users.

       Examples:

      2018-06-20 10:15:14,930-0400 DEBUG [pool-21-thread-10] *UNKNOWN org.sonatype.nexus.ldap.internal.LdapUserManager - User: null not found.
      org.sonatype.nexus.ldap.internal.connector.dao.NoSuchLdapUserException: No such user: null
      at org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager.getUser(EnterpriseLdapManager.java:236)
      at org.sonatype.nexus.ldap.internal.LdapUserManager.getUser(LdapUserManager.java:47)
      at org.sonatype.nexus.security.internal.DefaultSecuritySystem.findUser(DefaultSecuritySystem.java:333)
      at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:362)
      at com.sonatype.nexus.plugins.outreach.internal.OutreachHelper.hasAdminRole(OutreachHelper.java:65)
      at com.sonatype.nexus.plugins.outreach.Outreach$User.fromSubject(Outreach.java:70)
      at com.sonatype.nexus.plugins.outreach.Outreach$User$fromSubject.call(Unknown Source)
      at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent.readStatus(OutreachComponent.groovy:56)
      at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3.CGLIB$readStatus$1(<generated>)
      at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3$$FastClassByGuice$$1178ea47.invoke(<generated>)
      at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
      at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:49)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
      at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3.readStatus(<generated>)
      at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:497)
      at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
      at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
      at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:233)
      at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
      at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)
      at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)
      at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72)
      at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43)
      at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1)
      at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61)
      at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1)
      at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:450)
      at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75)
      at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56)
      at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:745)
      2018-06-20 16:08:10,382-0300 WARN [qtp370463776-286] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server:
      org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users.
      at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:143)
      at org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector.getUser(FailoverLdapConnector.java:153)
      at org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager.getUser(EnterpriseLdapManager.java:221)
      at org.sonatype.nexus.ldap.internal.LdapUserManager.getUser(LdapUserManager.java:47)
      at org.sonatype.nexus.security.internal.DefaultSecuritySystem.findUser(DefaultSecuritySystem.java:333)
      at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:362)
      at com.sonatype.nexus.plugins.outreach.internal.OutreachHelper.hasAdminRole(OutreachHelper.java:65)
      at com.sonatype.nexus.plugins.outreach.Outreach$User.fromSubject(Outreach.java:70)
      at com.sonatype.nexus.plugins.outreach.Outreach$User$fromSubject.call(Unknown Source)
      at com.sonatype.nexus.plugins.outreach.internal.OutreachServlet.doGet(OutreachServlet.groovy:82)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286)
      at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276)
      at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181)
      at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
      at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
      at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
      at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
      at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
      at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101)
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:108)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:68)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
      at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
      at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
      at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135)
      at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1629)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175)
      at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.Server.handle(Server.java:530)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256)
      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
      at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.naming.CommunicationException: 10.154.xx.xx:389
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
      at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
      at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
      at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
      at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      at javax.naming.InitialContext.init(InitialContext.java:244)
      at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      at org.sonatype.nexus.ldap.internal.realms.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:247)
      at org.sonatype.nexus.ldap.internal.realms.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:229)
      at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:129)
      ... 78 common frames omitted
      Caused by: java.net.SocketTimeoutException: connect timed out
      at java.net.PlainSocketImpl.socketConnect(Native Method)
      at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
      at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
      at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
      at java.net.Socket.connect(Socket.java:589)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
      ... 97 common frames omitted

      Problems

      • even with ldap failed connection attempt retry set at 3, there appear to be only two total attempts.
      • the UI message is misleading - it is unclear what server cannot be contacted and what the actual problem is
      • no "null" user should be looked up in any realm anyways, for any content, not just outreach
      • you trigger NEXUS-17448 as well
      • the default application log messages do not help diagnose any of this

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dbradicich Damian Bradicich
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Team:
              NXRM - Tron
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title