Docker LDAP authentication stops working after a while

[Dave H]

Running Nexus 3.7.1 here, configure with LDAP authentication.

Our CI jobs push docker images to Nexus all day long.  Periodically, these pushes failed with docker reporting:

unauthorized: authentication required

Nexus logs are as follows:

2018-01-18 20:35:25,245+0000 WARN  [qtp786185289-1729] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,250+0000 WARN  [qtp786185289-1500] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,252+0000 WARN  [qtp786185289-2050] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,345+0000 WARN  [qtp786185289-1718] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder

Our work-around for this is that one of the developers needs to go into the Nexus UI and log into the web app.  It doesn't matter who.  Once we login (via LDAP) in the UI it magically starts working.

You can see that it's not easy to reproduce this in a simple test case, but it happens every day and it is a real pain as you can imagine.

Any help is appreciated!

[Michael Prescott]

Dave, that's obviously not right - would you mind filing an issue under the NEXUS project at http://issues.sonatype.org ? 

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users+unsubscribe@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/8ddd1cdc-acf6-40d6-b641-70b171a74f28%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

[Dave H]

Done - https://issues.sonatype.org/browse/MVNCENTRAL-3052

On Thursday, January 18, 2018 at 4:49:16 PM UTC-5, Michael Prescott wrote:

Dave, that's obviously not right - would you mind filing an issue under the NEXUS project at http://issues.sonatype.org ? 

On 18 January 2018 at 16:01, Dave H <david....@gmail.com> wrote:

Running Nexus 3.7.1 here, configure with LDAP authentication.

Our CI jobs push docker images to Nexus all day long.  Periodically, these pushes failed with docker reporting:

unauthorized: authentication required

Nexus logs are as follows:

2018-01-18 20:35:25,245+0000 WARN  [qtp786185289-1729] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,250+0000 WARN  [qtp786185289-1500] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,252+0000 WARN  [qtp786185289-2050] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder
2018-01-18 20:35:25,345+0000 WARN  [qtp786185289-1718] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve information for user: builder

Our work-around for this is that one of the developers needs to go into the Nexus UI and log into the web app.  It doesn't matter who.  Once we login (via LDAP) in the UI it magically starts working.

You can see that it's not easy to reproduce this in a simple test case, but it happens every day and it is a real pain as you can imagine.

Any help is appreciated!

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.

[Dave H]

by the way, it looks like the issue has to do with the LDAP server killed inactive connections after 10 minute and Nexus using LDAP connection pooling.

[nis...@uken.com]

Hello, I'm also facing this issue and was wondering if it has been fixed. Unfortunately I can't access the JIRA ticket to answer this for myself. Any updates will be appreciated.

[Peter Lynch]

The issue was closed as not a bug in nexus.

The LDAP server in the case reported was closing socket connections after 10 minutes while LDAP searches were taking place.

Go to "support/logging", and add a DEBUG level logger for: org.sonatype.nexus.ldap

Monitor the nexus.log for exception stack traces related to LDAP. If any found, let us know what you find.

To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/afcd9360-e7db-455c-b768-06e5a9d67e92%40glists.sonatype.com.

For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

--

Peter Lynch, Sonatype Inc.

[nis...@uken.com]

Thank you! Looks like it might be the same issue for us. I'm working with our LDAP provider.

- Best,

Nishant.

[Christian Béland]

Found a solution to avoid this?