Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-23316

LDAP authorization fails sporadically

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Incomplete
    • Affects Version/s: 3.21.1
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels:
    • Environment:
      Running via docker (see attached Dockerfile)

      Description

      We are seeing issues with our LDAP connection after upgrading from 3.2.1 to 3.21.1-01.  We get sporadic unauthorized errors when accessing our nexus via maven builds.  Retrying the build will usually succeed after a try or two.  LDAP is our only configured security relm.  

      We are running LDAP behind an AWS Network Load balancer (so that our LDAP server is highly available).  

      Here is one log message showing this problem.  The user will try in the near future after a failure and then it will succeed.  Most of our logins are succeeding.  Occasionally they fail.  There were multiple failures like this one in our logs, I just pulled out one here (and modified the hostnames/usernames):

      2020-03-25 12:53:59,503+0000 WARN [qtp1475486731-410411] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: bilbo Caused by: javax.naming.ServiceUnavailableException: ldap.middleearth.com:389; socket closed; remaining name 'ou=people'
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              proth Peter Roth
              Last Updated By:
              Joe Tom Joe Tom
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title