Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.12.1
-
Fix Version/s: 3.15.0
-
Labels:
Description
Summary
OutreachComponent checks if "null" user exists in external realms and has admin role.
Reproduce
Configure an LDAP server to a remote which cannot be reached ( or is having temporary problems OR cannot find the userid you will enter at signin). LDAP realm enabled.
Make the LDAP connect timeout 60 seconds or greater.
The UI timeout is fixed at 60 seconds and this cannot be changed. See NEXUS-12033.
Signin as the default admin user in the default realm.
After 60 seconds, you start seeing Operation failed as server could not be contacted failed messages in the UI - even though you successfully signin and are browsing the admin ui as admin user.
The messages repeat twice in the UI.
At regular log levels, you will see something like this in the nexus.log - twice - spaced 60 seconds apart:
2018-06-20 15:45:57,549-0300 WARN [pool-21-thread-15] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server:
org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users.
At debug log levels for org.sonatype.nexus.ldap you see 2 more like these, spaced 60 seconds apart in groups of 2
2018-06-20 15:45:57,552-0300 DEBUG [pool-21-thread-15] *UNKNOWN org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager - Failed to find user: null
org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users.
Examples:
2018-06-20 10:15:14,930-0400 DEBUG [pool-21-thread-10] *UNKNOWN org.sonatype.nexus.ldap.internal.LdapUserManager - User: null not found. org.sonatype.nexus.ldap.internal.connector.dao.NoSuchLdapUserException: No such user: null at org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager.getUser(EnterpriseLdapManager.java:236) at org.sonatype.nexus.ldap.internal.LdapUserManager.getUser(LdapUserManager.java:47) at org.sonatype.nexus.security.internal.DefaultSecuritySystem.findUser(DefaultSecuritySystem.java:333) at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:362) at com.sonatype.nexus.plugins.outreach.internal.OutreachHelper.hasAdminRole(OutreachHelper.java:65) at com.sonatype.nexus.plugins.outreach.Outreach$User.fromSubject(Outreach.java:70) at com.sonatype.nexus.plugins.outreach.Outreach$User$fromSubject.call(Unknown Source) at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent.readStatus(OutreachComponent.groovy:56) at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3.CGLIB$readStatus$1(<generated>) at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3$$FastClassByGuice$$1178ea47.invoke(<generated>) at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228) at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76) at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:49) at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77) at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47) at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77) at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55) at com.sonatype.nexus.plugins.outreach.internal.ui.OutreachComponent$$EnhancerByGuice$$4799df3.readStatus(<generated>) at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:233) at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61) at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:450) at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75) at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
2018-06-20 16:08:10,382-0300 WARN [qtp370463776-286] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for users. at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:143) at org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector.getUser(FailoverLdapConnector.java:153) at org.sonatype.nexus.ldap.internal.realms.EnterpriseLdapManager.getUser(EnterpriseLdapManager.java:221) at org.sonatype.nexus.ldap.internal.LdapUserManager.getUser(LdapUserManager.java:47) at org.sonatype.nexus.security.internal.DefaultSecuritySystem.findUser(DefaultSecuritySystem.java:333) at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:362) at com.sonatype.nexus.plugins.outreach.internal.OutreachHelper.hasAdminRole(OutreachHelper.java:65) at com.sonatype.nexus.plugins.outreach.Outreach$User.fromSubject(Outreach.java:70) at com.sonatype.nexus.plugins.outreach.Outreach$User$fromSubject.call(Unknown Source) at com.sonatype.nexus.plugins.outreach.internal.OutreachServlet.doGet(OutreachServlet.groovy:82) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286) at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276) at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181) at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:108) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:68) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135) at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1629) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:530) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626) at java.lang.Thread.run(Thread.java:748) Caused by: javax.naming.CommunicationException: 10.154.xx.xx:389 at com.sun.jndi.ldap.Connection.<init>(Connection.java:216) at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64) at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114) at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136) at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.sonatype.nexus.ldap.internal.realms.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:247) at org.sonatype.nexus.ldap.internal.realms.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:229) at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:129) ... 78 common frames omitted Caused by: java.net.SocketTimeoutException: connect timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350) at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ... 97 common frames omitted
Problems
- even with ldap failed connection attempt retry set at 3, there appear to be only two total attempts.
- the UI message is misleading - it is unclear what server cannot be contacted and what the actual problem is
- no "null" user should be looked up in any realm anyways, for any content, not just outreach
- you trigger NEXUS-17448 as well
- the default application log messages do not help diagnose any of this
Attachments
Issue Links
- is caused by
-
NEXUS-15466 Welcome screen content is not displayed for administrators who are mapped in via LDAP group
-
- Closed
-
- is related to
-
NEXUS-17448 WARN Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured even when Crowd realm is not active
-
- Open
-
- relates
-
NEXUS-17634 Outreach Welcome page cannot be fully disabled
-
- Closed
-