Fatal编程技术网
  • artifactory/
  • Artifactory OSS:LDAP身份验证超时错误

Artifactory OSS:LDAP身份验证超时错误

artifactory

Artifactory OSS:LDAP身份验证超时错误,artifactory,Artifactory,我正在我的公司安装Artifactory OSS。在我们的测试中,所有这些都工作得很好,但在生产中,我们经常收到LDAP身份验证错误。详情如下: 操作系统:CentOS 7 Docker 1.10.1 Artifactory版本:Docker容器中的OSS 4.12.0.1 问题: Artifactory OSS每天会停止使用LDAP对用户进行多次身份验证。同时,相邻容器中的其他服务继续在同一LDAP服务器上正常运行。用户身份验证非常罕见,仅用于发布滚动 我们只找到了一个解决方法:-重新启动

我正在我的公司安装Artifactory OSS。在我们的测试中,所有这些都工作得很好,但在生产中,我们经常收到LDAP身份验证错误。详情如下:

  • 操作系统:CentOS 7
  • Docker 1.10.1
  • Artifactory版本:Docker容器中的OSS 4.12.0.1
问题:

Artifactory OSS每天会停止使用LDAP对用户进行多次身份验证。同时,相邻容器中的其他服务继续在同一LDAP服务器上正常运行。用户身份验证非常罕见,仅用于发布滚动

我们只找到了一个解决方法:-重新启动Artifactory容器

出现问题期间日志中出现的错误是:

2016-09-22 09:34:55,698 [http-nio-8081-exec-6] [ERROR] (o.a.s.l.AbstractLdapService:70) - Error connecting to the LDAP server:
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.; remaining name '/'
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217) ~[spring-ldap-core-1.3.2.RELEASE.jar:1.3.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:809) ~[spring-ldap-core-1.3.2.RELEASE.jar:1.3.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792) ~[spring-ldap-core-1.3.2.RELEASE.jar:1.3.2.RELEASE]
    at org.artifactory.security.ldap.NewSpringSecurityLdapTemplate.searchForSingleEntry(NewSpringSecurityLdapTemplate.java:251) ~[artifactory-core-4.12.0.1.jar:na]
    at org.artifactory.security.ldap.NewFilterBasedLdapUserSearch.searchForUser(NewFilterBasedLdapUserSearch.java:89) ~[artifactory-core-4.12.0.1.jar:na]
    at org.artifactory.security.ldap.ArtifactoryBindAuthenticator.authenticate(ArtifactoryBindAuthenticator.java:141) ~[artifactory-core-4.12.0.1.jar:na]
    at org.artifactory.security.ldap.LdapServiceImpl.testLdapConnection(LdapServiceImpl.java:75) ~[artifactory-core-4.12.0.1.jar:na]
    at org.artifactory.security.SecurityServiceImpl.testLdapConnection(SecurityServiceImpl.java:2275) [artifactory-core-4.12.0.1.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) [spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201) [spring-aop-4.1.5.RELEASE.jar:4.1.5.RELEASE]
    at com.sun.proxy.$Proxy28.testLdapConnection(Unknown Source) [na:na]
    at org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.TestLdapSettingsService.testLdapConnection(TestLdapSettingsService.java:76) [artifactory-rest-ui-4.12.0.1.jar:na]
    at org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.TestLdapSettingsService.execute(TestLdapSettingsService.java:63) [artifactory-rest-ui-4.12.0.1.jar:na]
    at org.artifactory.rest.common.service.ServiceExecutor.process(ServiceExecutor.java:38) [artifactory-rest-common-4.12.0.1.jar:na]
    at org.artifactory.rest.common.resource.BaseResource.runService(BaseResource.java:92) [artifactory-rest-common-4.12.0.1.jar:na]
    at org.artifactory.ui.rest.resource.admin.security.ldap.LdapSettingResource.testLdapSetting(LdapSettingResource.java:96) [artifactory-rest-ui-4.12.0.1.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
    at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) [jersey-server-1.19.jar:1.19]
    at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) [jersey-servlet-1.19.jar:1.19]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558) [jersey-servlet-1.19.jar:1.19]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733) [jersey-servlet-1.19.jar:1.19]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
    at org.artifactory.webapp.servlet.RepoFilter.execute(RepoFilter.java:200) [artifactory-web-application-4.12.0.1.jar:na]
    at org.artifactory.webapp.servlet.RepoFilter.doFilter(RepoFilter.java:91) [artifactory-web-application-4.12.0.1.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
    at org.artifactory.webapp.servlet.AccessFilter.useAuthentication(AccessFilter.java:391) [artifactory-web-application-4.12.0.1.jar:na]
    at org.artifactory.webapp.servlet.AccessFilter.doFilterInternal(AccessFilter.java:206) [artifactory-web-application-4.12.0.1.jar:na]
    at org.artifactory.webapp.servlet.AccessFilter.doFilter(AccessFilter.java:160) [artifactory-web-application-4.12.0.1.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
    at org.artifactory.webapp.servlet.RequestFilter.doFilter(RequestFilter.java:61) [artifactory-web-application-4.12.0.1.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
    at org.artifactory.webapp.servlet.ArtifactoryFilter.doFilter(ArtifactoryFilter.java:111) [artifactory-web-application-4.12.0.1.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.32]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.32]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.32]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.32]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.32]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.32]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-coyote.jar:8.0.32]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-coyote.jar:8.0.32]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-coyote.jar:8.0.32]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-coyote.jar:8.0.32]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.32]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:490) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:638) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:561) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) ~[na:1.8.0_91]
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786) ~[na:1.8.0_91]
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418) ~[na:1.8.0_91]
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396) ~[na:1.8.0_91]
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297) ~[na:1.8.0_91]
    at org.artifactory.security.ldap.NewSpringSecurityLdapTemplate.searchForSingleEntryInternal(NewSpringSecurityLdapTemplate.java:59) ~[artifactory-core-4.12.0.1.jar:na]
    at org.artifactory.security.ldap.NewSpringSecurityLdapTemplate$3.executeWithContext(NewSpringSecurityLdapTemplate.java:253) ~[artifactory-core-4.12.0.1.jar:na]
    at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:806) ~[spring-ldap-core-1.3.2.RELEASE.jar:1.3.2.RELEASE]
    ... 69 common frames omitted
2016-09-22 09:34:55,700 [http-nio-8081-exec-6] [ERROR] (o.a.s.l.AbstractLdapService:71) - Error connecting to the LDAP server:
首先,重要的是要提到,为了提高搜索性能,artifactoryldap“search Base”字段应该尽可能窄,并指向包含所有需求(用户、组…)的特定区域,但仍然不能强制Artifactory在整个树上搜索(这可能非常繁重)。 关于超时,您可以通过修改$artifactory\u HOME/etc/artifactory.system.properties文件中的'artifactory.security.ldap.socket.timeoutMillis'标志来增加默认超时值。
您可能还发现池超时(artifactory.security.ldap.pool.timeoutMillis)对于超时空闲连接和清除过时连接也很有用。

首先,必须指出,为了提高搜索性能,您的artifactoryldap“Search Base”字段应该尽可能窄,并指向包含您所有需求(用户、组…)的特定区域,但仍然不能强制Artifactory在整个树上搜索(这可能非常繁重)。 关于超时,您可以通过修改$artifactory\u HOME/etc/artifactory.system.properties文件中的'artifactory.security.ldap.socket.timeoutMillis'标志来增加默认超时值。 您可能还发现池超时(artifactory.security.ldap.pool.timeoutMillis)对于超时空闲连接和清除陈旧连接也很有用