
(ITS#6675) ConnectException UnknownHostException using subdomain URL when searching



Full_Name: Adolfo Cortés
Version: openldap-2.3.43-12.el5
OS: CentOS release 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.15.226.90)


I am trying to connect to an Active Directory from a Java application using JNDI
/OpenLDAP openldap-2.3.43-12.el5 on CentOS release 5.2.

When I did a search I got a CommunicationException:
Error : javax.naming.CommunicationException: xxxxxxxx.es:636 [Root exception is
java.net.UnknownHostException: xxxxxxxx.es]]

xxxxxxxx.es:636 is reachable and other operations over LDAP, such as creating a
user, work fine.

I see that the problem is related to the DNS configuration:
the Active Directory server DNS is aaaaa.bbbbb.xxxxxxxx.es but the base search
is only xxxxxxxx.es

When I do the search I get the exception because it takes xxxxxxxx.es instead of
ssss.xxxxxxxx.es to perform the operation.

I tried to solve it by adding xxxxxxxx.es to hosts with the same IP as
aaaaa.bbbbb.xxxxxxxx.es, so the bypass works and the connection goes through, but
now I have a new problem: when I execute the search it connects but returns a
Referral Limit Exception. I think this is because there are jumps or confusion
between aaaaa.bbbbb.xxxxxxxx.es and xxxxxxxx.es because of the hosts bypass I
did.

So my workaround doesn't work and I need to know or solve the connection
problem in order to use the subdomain DNS and the domain in the search base.

Connection parameters: everything goes right. The URL is the interesting part;
using the non-secure LDAP protocol I also get the same error.

[url: ldaps://aaaaa.bbbbb.xxxxxxxx.es]
java.naming.security.authentication:simple
Usuario mypassword@bbbbb.xxxxxxxx.es]
Password[getLDAPropertiesSSL]:mypassword]
keystore[getLDAPropertiesSSL]:/opt/java/jre/lib/security/jssecacerts
trustStore[getLDAPropertiesSSL]:/opt/java/jre/lib/security/jssecacerts
Especificacion uso SSL[getLDAPPropertiesSSL]java.naming.security.protocol ssl

Search details: note that the base DC is xxxxxxxx.es

[base: OU=YYY,DC=xxxxxxxx,DC=es]
[searchFilter: (&(objectClass=group)(cn={0}))]
[filterArgs: new String[] {Usuarios}]
[searchControls: SUBTREE_SCOPE, Atributes null, returningobjflag true]

This hosts file doesn't produce the communication error:
aaaaa.bbbbb.xxxxxxxx.es  ccc.ccc.ccc.ccc
xxxxxxxx.es              ccc.ccc.ccc.ccc

With this hosts file I get the communication error:
aaaaa.bbbbb.xxxxxxxx.es  ccc.ccc.ccc.ccc

If I try this search directly in the AD server console, it works and gives me the
results.

Thanks in advance,
Adolfo
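
One way to see which host name the search is being redirected to (an added example, not code from the original report or from OpenLDAP): run the same search with JNDI referral handling set to "throw" and print the referral URL instead of following it. It assumes the UnknownHostException comes from the JNDI client chasing a referral returned by the server, which the report does not confirm; the class name `ReferralProbe`, the argument order and the `LDAP_PASSWORD` environment variable are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added diagnostic; class name, argument order and LDAP_PASSWORD are hypothetical.
public class ReferralProbe {
    public static void main(String[] args) throws NamingException {
        if (args.length != 4 || System.getenv("LDAP_PASSWORD") == null) {
            System.err.println(
                "usage: LDAP_PASSWORD=... java ReferralProbe <url> <bindUser> <base> <groupCn>");
            return;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);           // e.g. the ldaps:// URL of the AD server
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_PASSWORD"));
        // "throw" surfaces each referral as an exception instead of following it
        env.put(Context.REFERRAL, "throw");

        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Same filter shape as in the report: (&(objectClass=group)(cn={0}))
            NamingEnumeration<SearchResult> results = ctx.search(
                    args[2], "(&(objectClass=group)(cn={0}))", new Object[] { args[3] }, controls);
            while (results.hasMore()) {
                System.out.println("entry: " + results.next().getNameInNamespace());
            }
        } catch (ReferralException e) {
            // The referral URL contains the host name the client would have to resolve next
            System.out.println("referral: " + e.getReferralInfo());
        } finally {
            ctx.close();
        }
    }
}
```

If a referral line is printed, its host part is the name that must resolve in DNS for the search to be followed; for `ldaps://` URLs the trust store is supplied with the standard `javax.net.ssl.trustStore` system property.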