Rundeck docker ldap configs issues


Cristina Ruscau

Mar 5, 2024, 7:20:06 AM
to rundeck-discuss
Hello,

I've been trying for some time to do the right configs for rundeck docker image to enable ldaps login. Currently using version 5.1.1-rc2-20240229, also tried 5.1.0.
I keep getting connection closed, not sure why or how to fix that, any ideas what is wrong with my config?
I did manage to ping the ldaps url/port combination from the docker image, so I don't think it's a firewall issue.

I have set these environment variables in my Dockerfile, is there something I'm missing?
I also tried to set them via remco, same result.

ENV RUNDECK_AUTHENTICATION=ldap
ENV RDECK_JVM_OPTS="-Dloginmodule.name=ldap -Dcom.dtolabs.rundeck.jetty.jaas.LEVEL=DEBUG"
ENV RUNDECK_LOGGING_LOGLEVEL_ROOT="debug"
ENV RUNDECK_JAAS_LDAP_FLAG=required

ENV RUNDECK_JAAS_MODULES_0="JettyCachingLdapLoginModule"
ENV RUNDECK_JAAS_LDAP_CONTEXTFACTORY="com.sun.jndi.ldap.LdapCtxFactory"
ENV RUNDECK_JAAS_LDAP_PROVIDERURL="myldapurl"
ENV RUNDECK_JAAS_LDAP_BINDDN="username"
ENV RUNDECK_JAAS_LDAP_BINDPASSWORD="password"
ENV RUNDECK_JAAS_LDAP_AUTHENTICATIONMETHOD="simple"
ENV RUNDECK_JAAS_LDAP_USERBASEDN="userBaseDn"
ENV RUNDECK_JAAS_LDAP_ROLEBASEDN="roleBaseDn"
ENV RUNDECK_JAAS_LDAP_FORCEBINDINGLOGIN="true"
ENV RUNDECK_JAAS_LDAP_USERRDNATTRIBUTE="sAMAccountName"
ENV RUNDECK_JAAS_LDAP_USERIDATTRIBUTE="sAMAccountName"
ENV RUNDECK_JAAS_LDAP_USERPASSWORDATTRIBUTE="pwd"
ENV RUNDECK_JAAS_LDAP_USEROBJECTCLASS="user"
ENV RUNDECK_JAAS_LDAP_ROLENAMEATTRIBUTE="cn"
ENV RUNDECK_JAAS_LDAP_ROLEOBJECTCLASS="group"
ENV RUNDECK_JAAS_LDAP_ROLEUSERNAMEMEMBERATTRIBUTE="member"
ENV RUNDECK_JAAS_LDAP_ROLEMEMBERATTRIBUTE="roleAttr"
ENV RUNDECK_JAAS_LDAP_SUPPLEMENTALROLES="role"
ENV RUNDECK_JAAS_LDAP_CACHEDURATIONMILLIS="30000"
ENV RUNDECK_JAAS_LDAP_REPORTSTATISTICS="true"
ENV RUNDECK_JAAS_LDAP_TIMEOUTREAD="10000"
ENV RUNDECK_JAAS_LDAP_TIMEOUTCONNECT="20000"
ENV RUNDECK_SECURITY_SYNCLDAPUSER="true"
ENV RUNDECK_JAAS_LDAP_NESTEDGROUPS="false"

I'm getting this exception
ERROR jaas.JettyCachingLdapLoginModule - Naming error
javax.naming.CommunicationException: simple bind failed: myldapurl
...
Caused by: java.net.SocketException: Connection or outbound has closed

I also tried to add the cacerts in $JAVA_HOME/conf/security/cacerts and also tried to import the certs into the truststore, but got the same results.

Any help would be much appreciated!
Thank you,
Cristina Ruscau

rac...@rundeck.com

Mar 5, 2024, 8:34:08 AM
to rundeck-discuss
Hi Cristina,

Could you share the full service.log output to take a look?

Regards.

Cristina Ruscau

Mar 5, 2024, 10:29:11 AM
to rundeck-discuss
Hi Rac,

Thank you for your quick response.
I managed to resolve that part, but posting here in case someone has this issue (stacktrace below).
I got a suggestion to use -Djavax.net.debug=ssl,handshake for more debug logs; this helped narrow down the issue to placing the cacerts in the wrong location.
I placed them in /etc/ssl/certs/java which resolved the issue I was having.

Now I'm getting another issue, the user is found, but role configuration seems to be incorrect
[2024-03-05T14:16:52,943] WARN  jaas.JettyCachingLdapLoginModule - JettyCachingLdapLoginModule: User 'ruscau' has no role membership; role query configuration may be incorrect

So another question I have is, do I need some rundeck specific configs on roles, or does this issue refer to ldap role config?

(initial stacktrace before fixing certs)
2024-03-05 11:37:49 [2024-03-05T09:37:49,559] ERROR jaas.JettyCachingLdapLoginModule - Naming error
2024-03-05 11:37:49 javax.naming.CommunicationException: simple bind failed: ldapurl:636
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115) ~[?:?]
2024-03-05 11:37:49     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) ~[?:?]
2024-03-05 11:37:49     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
2024-03-05 11:37:49     at javax.naming.InitialContext.init(InitialContext.java:236) ~[?:?]
2024-03-05 11:37:49     at javax.naming.InitialContext.<init>(InitialContext.java:208) ~[?:?]
2024-03-05 11:37:49     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) ~[?:?]
2024-03-05 11:37:49     at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.initialize(JettyCachingLdapLoginModule.java:1038) ~[classes!/:?]
2024-03-05 11:37:49     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:737) ~[?:?]
2024-03-05 11:37:49     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:672) ~[?:?]
2024-03-05 11:37:49     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:670) ~[?:?]
2024-03-05 11:37:49     at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
2024-03-05 11:37:49     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:670) ~[?:?]
2024-03-05 11:37:49     at javax.security.auth.login.LoginContext.login(LoginContext.java:581) ~[?:?]
2024-03-05 11:37:49     at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:173) ~[spring-security-core-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.rundeck.security.RundeckJaasAuthenticationProvider.super$2$authenticate(RundeckJaasAuthenticationProvider.groovy) ~[classes!/:?]
2024-03-05 11:37:49     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
2024-03-05 11:37:49     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
2024-03-05 11:37:49     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
2024-03-05 11:37:49     at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
2024-03-05 11:37:49     at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107) ~[groovy-3.0.19.jar!/:3.0.19]
2024-03-05 11:37:49     at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323) ~[groovy-3.0.19.jar!/:3.0.19]
2024-03-05 11:37:49     at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1254) ~[groovy-3.0.19.jar!/:3.0.19]
2024-03-05 11:37:49     at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144) ~[groovy-3.0.19.jar!/:3.0.19]
2024-03-05 11:37:49     at org.rundeck.security.RundeckJaasAuthenticationProvider.authenticate(RundeckJaasAuthenticationProvider.groovy:39) ~[classes!/:?]
2024-03-05 11:37:49     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:85) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.groovy:53) ~[spring-security-core-5.2.1-plain.jar!/:?]
2024-03-05 11:37:49     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:64) ~[spring-security-core-5.2.1-plain.jar!/:?]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58) ~[spring-security-core-5.2.1-plain.jar!/:?]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) ~[spring-security-web-5.8.5.jar!/:5.8.5]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77) ~[grails-web-mvc-6.0.0.jar!/:6.0.0]
2024-03-05 11:37:49     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67) ~[grails-web-mvc-6.0.0.jar!/:6.0.0]
2024-03-05 11:37:49     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[spring-boot-actuator-2.7.12.jar!/:2.7.12]
2024-03-05 11:37:49     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.32.jar!/:5.3.32]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) ~[jetty-security-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137) ~[jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) [jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) [jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
2024-03-05 11:37:49     at java.lang.Thread.run(Thread.java:829) [?:?]
2024-03-05 11:37:49 Caused by: java.net.SocketException: Connection or outbound has closed
2024-03-05 11:37:49     at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1302) ~[?:?]
2024-03-05 11:37:49     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) ~[?:?]
2024-03-05 11:37:49     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:413) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:386) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) ~[?:?]
2024-03-05 11:37:49     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) ~[?:?]
2024-03-05 11:37:49     ... 97 more

Thank you,
Cristina Ruscau

rac...@rundeck.com

Mar 5, 2024, 10:46:53 AM
to rundeck-discuss

Hi Cristina,

Due to this: User 'ruscau' has no role membership

All users must be part of a role (Group), defined at the roleBaseDn config parameter (RUNDECK_JAAS_LDAP_ROLEBASEDN in docker config). Please check this all-in-one example.

Regards.
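
Added example, not part of the thread and not Rundeck's code: a simplified Python model of the role search that the roleBaseDn, roleObjectClass, roleMemberAttribute and roleUsernameMemberAttribute settings feed, run against a constructed in-memory directory to show which combinations return no roles. The lookup rule in the header comment is an assumption based on the documented meaning of those parameters; every DN, group and user name is made up.

```python
# Added example: simplified model of the LDAP role lookup, not Rundeck's code.
# Assumed rule: search roleBaseDn (subtree) with
#   (&(objectClass=<roleObjectClass>)(<attr>=<value>))
# where attr/value is roleUsernameMemberAttribute/username when that parameter
# is set, otherwise roleMemberAttribute/user DN.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def role_query(cfg, user_dn, username):
    """Return (base_dn, attribute, value, filter) for the role search."""
    if cfg.get("roleUsernameMemberAttribute"):
        attr, value = cfg["roleUsernameMemberAttribute"], username
    else:
        attr, value = cfg["roleMemberAttribute"], user_dn
    flt = "(&(objectClass=%s)(%s=%s))" % (
        cfg["roleObjectClass"], attr, escape_filter_value(value))
    return cfg["roleBaseDn"], attr, value, flt


def in_subtree(dn, base):
    """True if dn is the base entry or sits below it (case-insensitive)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def lookup_roles(directory, cfg, user_dn, username):
    """Evaluate the role search against an in-memory list of entries."""
    base, attr, value, _ = role_query(cfg, user_dn, username)
    wanted_class = cfg["roleObjectClass"].lower()
    roles = []
    for entry in directory:
        if not in_subtree(entry["dn"], base):
            continue
        if wanted_class not in (c.lower() for c in entry["objectClass"]):
            continue
        if value.lower() in (m.lower() for m in entry.get(attr, [])):
            roles.extend(entry.get(cfg["roleNameAttribute"], []))
    return roles


# Constructed sample data: AD-style groups whose "member" holds full DNs.
USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=test"
DIRECTORY = [
    {"dn": "CN=rundeck-admins,OU=Groups,DC=example,DC=test",
     "objectClass": ["top", "group"], "cn": ["rundeck-admins"],
     "member": [USER_DN]},
    {"dn": "CN=hr,OU=Groups,DC=example,DC=test",
     "objectClass": ["top", "group"], "cn": ["hr"],
     "member": ["CN=Someone Else,OU=Users,DC=example,DC=test"]},
]

BASE_CFG = {"roleBaseDn": "OU=Groups,DC=example,DC=test",
            "roleObjectClass": "group", "roleNameAttribute": "cn"}
# Membership matched by the user's DN against "member".
MATCH_BY_DN = dict(BASE_CFG, roleMemberAttribute="member")
# Username compared against an attribute that stores DNs: never matches.
MATCH_BY_USERNAME = dict(MATCH_BY_DN, roleUsernameMemberAttribute="member")
# Correct attribute, but the search base does not contain the groups.
WRONG_BASE = dict(MATCH_BY_DN, roleBaseDn="OU=Users,DC=example,DC=test")

if __name__ == "__main__":
    for name, cfg in [("match by DN", MATCH_BY_DN),
                      ("match by username", MATCH_BY_USERNAME),
                      ("wrong roleBaseDn", WRONG_BASE)]:
        roles = lookup_roles(DIRECTORY, cfg, USER_DN, "jdoe")
        flt = role_query(cfg, USER_DN, "jdoe")[3]
        print("%-18s %s -> %s" % (name, flt, roles or "no role membership"))
```

In this model, an empty result for the second and third configurations corresponds to the "has no role membership" warning quoted in the thread.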

Cristina Ruscau

Mar 8, 2024, 4:59:25 AM
to rundeck-discuss
Hello,

I have another question.

I managed to do the ldaps login, but now I'm getting this exception when the connection is closing after the login is successful:
Do you know what I should do to resolve this issue? The things that I tried by googling it didn't help. I used the latest rundeck docker image.

2024-03-08 09:57:03 javax.net.ssl|WARNING|03|Finalizer|2024-03-08 07:57:03.070 GMT|SSLSocketImpl.java:596|SSLSocket duplex close failed (
2024-03-08 09:57:03 "throwable" : {
2024-03-08 09:57:03   java.net.SocketException: Socket is closed
2024-03-08 09:57:03     at java.base/java.net.Socket.shutdownInput(Socket.java:1539)
2024-03-08 09:57:03     at java.base/sun.security.ssl.BaseSSLSocketImpl.shutdownInput(BaseSSLSocketImpl.java:216)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:854)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:803)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:665)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:585)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.close(SSLSocketImpl.java:1334)
2024-03-08 09:57:03     at java.base/java.io.FilterOutputStream.close(FilterOutputStream.java:188)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.Connection.flushAndCloseOutputStream(Connection.java:688)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.Connection.cleanup(Connection.java:641)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.LdapClient.close(LdapClient.java:446)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.LdapCtx.closeConnection(LdapCtx.java:2960)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.LdapCtx.close(LdapCtx.java:2671)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.LdapCtx.decEnumCount(LdapCtx.java:2980)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.cleanup(AbstractLdapNamingEnumeration.java:400)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.finalize(AbstractLdapNamingEnumeration.java:387)
2024-03-08 09:57:03     at java.base/java.lang.System$2.invokeFinalize(System.java:2142)
2024-03-08 09:57:03     at java.base/java.lang.ref.Finalizer.runFinalizer(Finalizer.java:87)
2024-03-08 09:57:03     at java.base/java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:171)}
2024-03-08 09:57:03
2024-03-08 09:57:03 )
2024-03-08 09:57:03 javax.net.ssl|WARNING|47|Thread-12|2024-03-08 07:57:03.077 GMT|SSLSocketImpl.java:1658|handling exception (
2024-03-08 09:57:03 "throwable" : {
2024-03-08 09:57:03   java.net.SocketException: Socket closed
2024-03-08 09:57:03     at java.base/java.net.SocketInputStream.socketRead0(Native Method)
2024-03-08 09:57:03     at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
2024-03-08 09:57:03     at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
2024-03-08 09:57:03     at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:70)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1459)
2024-03-08 09:57:03     at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1070)
2024-03-08 09:57:03     at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
2024-03-08 09:57:03     at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:292)
2024-03-08 09:57:03     at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:351)
2024-03-08 09:57:03     at java.naming/com.sun.jndi.ldap.Connection.run(Connection.java:890)
2024-03-08 09:57:03     at java.base/java.lang.Thread.run(Thread.java:829)}
2024-03-08 09:57:03
2024-03-08 09:57:03 )

Thank you,
Cristina Ruscau

rac...@rundeck.com

Mar 8, 2024, 8:17:36 AM
to rundeck-discuss

Hi Cristina,

In some circumstances, AD judges that a connection has been idle for too long and shuts it on the Active Directory side. As a result, when user activities initiate LDAP searches, Rundeck attempts to leverage the closed connection and raises an exception.

So, you can try using the timeoutRead and timeoutConnect parameters in your LDAPS/AD config with "small values", forcing Rundeck to close the connection before the Active Directory does. Take a look at this example.

Also, could you test using the latest stable image? (5.1.1 at this moment).

Greetings.
