java.net.ConnectException: Connection timed out when connecting to ldap
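I am trying to connect to an LDAP Active Directory on Windows Server 2008 using Spring LDAP 1.3.1.
The LDAP configuration is as follows:
- LDAP URL: ldap://dc.fabrikam.com
- Username: administrator
- Password: 123456
- The Spring LDAP configuration is as follows: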
```xml
<bean id="contextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://dc.fabrikam.com" />
    <property name="base" value="dc=fabrikam,dc=com" />
    <property name="userDn" value="CN=administrator,CN=Users,DC=fabrikam,DC=com" />
    <property name="password" value="123456" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.referral">
                <value>follow</value>
            </entry>
        </map>
    </property>
</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>
```
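- LDAPContactDAO:

```java
import java.util.List;

import javax.naming.NamingException;
import javax.naming.directory.Attributes;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Service;

@Service
public class LDAPContactDAO implements ContactDAO {

    @Autowired
    private LdapTemplate ldapTemplate;

    // Searches from the configured base DN and returns the cn of every person entry.
    public List getAllContactNames() {
        return ldapTemplate.search("", "(objectclass=person)",
                new AttributesMapper() {
                    public Object mapFromAttributes(Attributes attrs)
                            throws NamingException {
                        return attrs.get("cn").get();
                    }
                });
    }
}
```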
- Debug output before the exception:

```
2012-12-31/15:50:36.425 [localhost-startStop-1] DEBUG AuthenticationSource not set - using default implementation
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Not using LDAP pooling
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Trying provider Urls: ldap://192.168.1.118/dc=fabrikam,dc=com
2012-12-31/15:50:37.558 [http-bio-8080-exec-5] DEBUG Got Ldap context on server 'ldap://192.168.1.118/dc=fabrikam,dc=com'
```

When I try to use the getAllContactNames method, I get the following exception:
```
org.springframework.ldap.CommunicationException: fabrikam.com.com:389; nested exception is javax.naming.CommunicationException: fabrikam.com.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
    org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    at com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    at com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
```
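Please advise.
Update:
I managed to connect to Active Directory through JXplorer using the following configuration:
But I still get the connection timeout with Spring LDAP.
UPDATE2:
The problem is now limited to Spring LDAP, because I tried the above configuration using JNDI and the connection to LDAP works fine, as described here:
ldap search is very slow
I think the referral property may be the problem.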
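We found that this problem was caused by a domain controller in DNS that does not exist. If you are using a domain name rather than an IP, run NSLOOKUP to show all the IPs that the domain points to:

```
NSLOOKUP fabrikam.com
```

Make sure that all the IPs returned by NSLOOKUP are reachable on port 389:

```
Test-NetConnection 172.30.2.1 -port 389
```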
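The same check run from inside the JVM, so that name resolution matches what JNDI sees when it connects (an added example, not part of the original answer; the class name `LdapReachabilityCheck` and the timeout values are assumptions). It resolves each name to all of its addresses and tries the port on every one with a short connect timeout; run without arguments it uses a constructed local listener and a name that cannot resolve.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.LinkedHashMap;
import java.util.Map;

public class LdapReachabilityCheck {

    /** Resolves host the way the JVM does and probes every returned address. */
    static Map<String, String> probeAll(String host, int port, int timeoutMs) {
        Map<String, String> results = new LinkedHashMap<>();
        InetAddress[] addresses;
        try {
            addresses = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            results.put(host, "DNS lookup failed");
            return results;
        }
        for (InetAddress address : addresses) {
            try (Socket socket = new Socket()) {
                // Explicit timeout: fail in seconds instead of waiting for the OS default.
                socket.connect(new InetSocketAddress(address, port), timeoutMs);
                results.put(address.getHostAddress(), "reachable");
            } catch (IOException e) {
                results.put(address.getHostAddress(), "unreachable: " + e.getMessage());
            }
        }
        return results;
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) {
            // Real use: java LdapReachabilityCheck fabrikam.com dc.fabrikam.com
            for (String host : args) {
                System.out.println(host + " -> " + probeAll(host, 389, 3000));
            }
            return;
        }
        // Constructed offline demo: a loopback listener stands in for a reachable DC.
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            String local = listener.getInetAddress().getHostAddress();
            System.out.println(probeAll(local, listener.getLocalPort(), 1000));
        }
        // The reserved .invalid TLD never resolves, showing the DNS failure branch.
        System.out.println(probeAll("no-such-dc.invalid", 389, 1000));
    }
}
```

Pass it both the name in the configured URL and the host named in the exception message, since a referral can send the client to a different host than the one it first bound to.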
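A thousand things can go wrong when connecting to a remote resource. To narrow down the cause, follow these steps:
- Check the Windows logs (using Event Viewer)
- If it is enabled, disable Windows Firewall on dc.fabrikam.com (and then make sure port 389 is open)
- Try connecting to LDAP manually from the host where you run the Java application (e.g. `telnet dc.fabrikam.com 389`)
- If possible, deploy the Java application on the same host, dc.fabrikam.com, to rule out connectivity problems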
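To fix this, you need to add the LDAP DNS configuration to your machine to allow Spring to connect to the LDAP server.
- Linux: /etc/hosts
- Windows: C:\Windows\System32\drivers\etc\hosts

Open cmd and use the NSLOOKUP command to look up the LDAP address, then add the LDAP server address, for example:

```
192.168.1.123 ldap.atlassian.com
```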
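The problem you have is that you just need to put the group you are entering into the base of the connection. For example, your configuration is:

```xml
<property name="base" value="dc=fabrikam,dc=com" />
```

Change it to:

```xml
<property name="base" value="ou=grupo,dc=fabrikam,dc=com" />
```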