Trouble connecting to LDAP on port 636

Enonic version: 4.7
OS: Windows

Hello,
We are trying to change LDAP from the standard port to port 636 due to new security settings in Windows from March.
ref: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

Have tried to set port :636 in the config but are not able to log on after that.

Here is part of the log:
29-Jan-2020 10:14:34.774 SEVERE [http-nio-8080-exec-2] com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.handleException Cannot connect to userstore: ldap://:636
com.enonic.cms.core.security.userstore.connector.remote.RemoteUserStorePluginException: Cannot connect to userstore: ldap://:636
at com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.verifyConnection(LdapRemoteUserStorePlugin.java:506)
at com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.doInitialize(LdapRemoteUserStorePlugin.java:483)
at com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.initialize(LdapRemoteUserStorePlugin.java:268)
at com.enonic.cms.ee.ldap.LdapRemoteUserStoreFactory.create(LdapRemoteUserStoreFactory.java:30)
at com.enonic.cms.core.security.userstore.connector.remote.RemoteUserStoreManager.create(RemoteUserStoreManager.java:44)
at com.enonic.cms.core.security.userstore.UserStoreConnectorManagerImpl.createRemoteUserStoreConnector(UserStoreConnectorManagerImpl.java:163)
at com.enonic.cms.core.security.userstore.UserStoreConnectorManagerImpl.doGetRemoteUserStoreConnector(UserStoreConnectorManagerImpl.java:130)
at com.enonic.cms.core.security.userstore.UserStoreConnectorManagerImpl.doGetUSConnector(UserStoreConnectorManagerImpl.java:112)
at com.enonic.cms.core.security.userstore.UserStoreConnectorManagerImpl.doGetUSConnectorBykey(UserStoreConnectorManagerImpl.java:198)
at com.enonic.cms.core.security.userstore.UserStoreConnectorManagerImpl.getUserStoreConnector(UserStoreConnectorManagerImpl.java:92)
at com.enonic.cms.core.security.userstore.UserStoreServiceImpl.doGetUSConnector(UserStoreServiceImpl.java:1111)
at com.enonic.cms.core.security.userstore.UserStoreServiceImpl.authenticateUser(UserStoreServiceImpl.java:755)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy41.authenticateUser(Unknown Source)
at com.enonic.cms.core.security.SecurityServiceImpl.doLoginAdminUser(SecurityServiceImpl.java:340)
at com.enonic.cms.core.security.SecurityServiceImpl.loginAdminUser(SecurityServiceImpl.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196)
at com.sun.proxy.$Proxy42.loginAdminUser(Unknown Source)
at com.enonic.vertical.adminweb.AdminLogInServlet.handlerLogin(AdminLogInServlet.java:382)
at com.enonic.vertical.adminweb.AdminLogInServlet.doPost(AdminLogInServlet.java:149)
at com.enonic.vertical.adminweb.AbstractAdminwebServlet.handleRequest(AbstractAdminwebServlet.java:253)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at com.enonic.cms.web.CmsDispatcherServlet.doService(CmsDispatcherServlet.java:58)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:98)
at com.enonic.cms.web.filter.VirtualHostFilter.doFilter(VirtualHostFilter.java:101)
at com.enonic.cms.web.filter.VirtualHostFilter.doFilterInternal(VirtualHostFilter.java:48)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:102)
at com.enonic.cms.web.filter.UpgradeCheckFilter.doFilterInternal(UpgradeCheckFilter.java:36)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:102)
at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:102)
at com.enonic.cms.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:49)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:102)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:102)
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:82)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1506)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:822)
at org.springframework.ldap.core.LdapTemplate.lookupContext(LdapTemplate.java:1315)
at com.enonic.cms.ee.ldap.LdapConnector.lookup(LdapConnector.java:262)
at com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.verifyConnection(LdapRemoteUserStorePlugin.java:502)
… 86 more
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.
at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
… 93 more

Can someone please tell me how to get this working?

Sondre.

You seem to be missing the server name in the URL being used: “ldap://:636”

Hi,

I had removed the servername from the log when I uploaded it. Inserted “servername”

But yes, it fails when I have “ldap:FQDN:636” in the setting.

Sondre.

Hi Sondre!

I guess this is an old issue and I do not know if it is relevant anymore, but today I read through some of the code that is used here, and I saw that the switch in the code that turns SSL on or off is the protocol: “ldaps”. The port does not seem to have any effect on SSL, so “ldap:FQDN:636” will result in non-SSL communication.

Try using “ldaps:FQDN:636”, or more generally “ldaps://:636” and see if that works. :stuck_out_tongue_winking_eye: #myFiveCents
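A small lint for the point made in that last reply, added here as an example and not code from the thread or from Enonic: it parses a userstore URL the way you would check the setting before restarting, and reports whether TLS is actually in play (scheme decides, port does not) plus the two mistakes seen above, a missing server name and a missing `//`. The host names are constructed.

```python
from urllib.parse import urlsplit

# Default ports from RFC 4516: plain LDAP on 389, LDAP over TLS (ldaps) on 636.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def check_ldap_url(url):
    """Lint an LDAP userstore URL and say whether it will really use TLS.

    Returns a dict with scheme, host, port, uses_tls and a list of findings.
    TLS is decided by the scheme alone: only 'ldaps' turns it on, and
    putting :636 behind 'ldap' still yields plaintext LDAP on that port.
    """
    findings = []
    scheme, sep, rest = url.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        return {"scheme": None, "host": None, "port": None,
                "uses_tls": False, "findings": ["scheme must be ldap:// or ldaps://"]}
    if not rest.startswith("//"):
        # 'ldaps:FQDN:636' has no authority part; the host must follow '//'
        findings.append("missing '//' after '%s:'; write %s://host:port" % (scheme, scheme))
        rest = "//" + rest
    parts = urlsplit(scheme + ":" + rest)
    host = parts.hostname  # None when the authority is just ':636'
    if not host:
        findings.append("no server name in the URL (this is what 'ldap://:636' means)")
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:
        port = None
        findings.append("port is not a number")
    uses_tls = scheme == "ldaps"
    if not uses_tls and port == 636:
        findings.append("port 636 with 'ldap' scheme is still plaintext LDAP; "
                        "use ldaps://host:636 to get TLS")
    if uses_tls and port == 389:
        findings.append("'ldaps' on port 389: the server normally expects plaintext LDAP there")
    return {"scheme": scheme, "host": host, "port": port,
            "uses_tls": uses_tls, "findings": findings}


def suggested_url(url):
    """Rewrite a URL to the TLS form recommended above, keeping host and a non-default port."""
    r = check_ldap_url(url)
    if r["host"] is None:
        return None
    port = r["port"] if r["port"] not in (None, 389) else 636
    return "ldaps://%s:%d" % (r["host"], port)


if __name__ == "__main__":
    for u in ("ldap://:636", "ldap:FQDN:636", "ldaps://dc.example.com:636"):
        print(u, "->", check_ldap_url(u)["findings"] or ["ok"])
```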