java.net.ConnectException: Connection timed out when connecting to ldap


I am trying to connect to LDAP Active Directory on Windows Server 2008 using Spring LDAP 1.3.1.RELEASE, and the LDAP config is as follows:

  • ldap url is: ldap://dc.fabrikam.com
  • username: administrator
  • password: 123456

  • Spring LDAP configuration is as follows:

    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://dc.fabrikam.com" />
        <property name="base" value="dc=fabrikam,dc=com" />
        <property name="userDn" value="CN=administrator,CN=Users,DC=fabrikam,DC=com" />
        <property name="password" value="123456" />

        <property name="baseEnvironmentProperties">
            <map>
                <entry key="java.naming.referral">
                    <value>follow</value>
                </entry>
            </map>
        </property>
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="contextSource" />
    </bean>

  • LDAPContactDAO:

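    import java.util.List;

    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.ldap.core.AttributesMapper;
    import org.springframework.ldap.core.LdapTemplate;
    import org.springframework.stereotype.Service;

    @Service
    public class LDAPContactDAO implements ContactDAO {

        @Autowired
        private LdapTemplate ldapTemplate;

        // Returns the cn of every person entry under the configured base DN.
        public List getAllContactNames() {
            return ldapTemplate.search("", "(objectclass=person)",
                    new AttributesMapper() {
                        public Object mapFromAttributes(Attributes attrs)
                                throws NamingException {
                            return attrs.get("cn").get();
                        }
                    });
        }

    }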
    

  • Debug output before the exception:

    2012-12-31/15:50:36.425 [localhost-startStop-1] DEBUG AuthenticationSource not set - using default implementation
    2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Not using LDAP pooling
    2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Trying provider Urls: ldap://192.168.1.118/dc=fabrikam,dc=com
    2012-12-31/15:50:37.558 [http-bio-8080-exec-5] DEBUG Got Ldap context on server 'ldap://192.168.1.118/dc=fabrikam,dc=com'

When trying to use the getAllContactNames method, I am getting the following exception:

org.springframework.ldap.CommunicationException: fabrikam.com.com:389; nested exception is javax.naming.CommunicationException: fabrikam.com.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    at com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    at com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

Please advise.

UPDATE:

I managed to connect to Active Directory with jxplorer using the following configuration:

  1. Host: dc.fabrikam.com
  2. Port: 389
  3. Base DN: dc=fabrikam,dc=com
  4. User DN: CN=administrator,CN=Users,DC=fabrikam,DC=com
  5. Password: secret

But I am still getting a timeout with the Spring LDAP connection.

UPDATE2:

The issue is now narrowed down to Spring LDAP, because I tried the above configuration with JNDI and the connection to LDAP works fine, as mentioned here:

ldap search is very slow

I think that the referral property might be the issue.

We found this issue was due to a non-existent domain controller in DNS. If you're using a domain name instead of IP, do an NSLOOKUP to show all the IPs the domain points to:

    NSLOOKUP fabrikam.com

Ensure all the IPs from NSLOOKUP are reachable on port 389:

    Test-NetConnection 172.30.2.1 -port 389
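
The same check run from inside the JVM, which is where the JNDI LDAP provider resolves the name and opens its socket; this is an added example, not code from the original answer. The class `LdapReachabilityCheck` and method `probeAll` are hypothetical names, and with no arguments it probes a constructed loopback listener so it runs offline.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example; class and method names are hypothetical.
public class LdapReachabilityCheck {

    // Maps each resolved address to "open" or to the connect failure, in resolver order.
    static Map<String, String> probeAll(String host, int port, int timeoutMs) throws IOException {
        Map<String, String> results = new LinkedHashMap<>();
        // getAllByName returns every address behind the name; a referral to the
        // domain name can land on any of them, including a stale DNS record.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            try (Socket s = new Socket()) {
                s.connect(new InetSocketAddress(addr, port), timeoutMs);
                results.put(addr.getHostAddress(), "open");
            } catch (IOException e) {
                // SocketTimeoutException: filtered or dead host.
                // ConnectException (refused): host is up but nothing listens on the port.
                results.put(addr.getHostAddress(), e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
        return results;
    }

    public static void main(String[] args) throws IOException {
        if (args.length >= 1) {
            // Real use: java LdapReachabilityCheck fabrikam.com 389
            int port = args.length > 1 ? Integer.parseInt(args[1]) : 389;
            probeAll(args[0], port, 3000)
                    .forEach((ip, r) -> System.out.println(ip + ":" + port + " -> " + r));
            return;
        }
        // Offline demo: a constructed listener on loopback stands in for a domain controller.
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            int port = listener.getLocalPort();
            System.out.println(probeAll("127.0.0.1", port, 1000));
        }
    }
}
```

Any address that reports a timeout here is one the application can also be sent to when it follows a referral to the domain name.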


The problem you have is the connection you just have to group these aumetnar seeping into the base, for example your configuration is:

    <property name="base" value="dc=fabrikam,dc=com" />

Change to:

    <property name="base" value="ou=grupo,dc=fabrikam,dc=com" />


Connection timed out indicates that the port 389 is not accessible from your network. Make sure the firewall in cloud allows your IP to access port 389 of the LDAP host. phpldapadmin will work since it will listen on port 80/443 and it in turn connects with LDAP locally. You can test the connectivity by running telnet <LDAP Host> 389.

Comments
  • Have you tried removing the :389 at the end of the URL in the second example? Your first example was not supplying the full admin DN, so the authentication attempt was being rejected. The second example appears to be unable to connect to the LDAP server.
  • @ig0774, can you please see the latest update? Also, is it possible that I can connect to the LDAP URL from a browser?
  • Connect to an LDAP URL from a web browser? None I know of support that. However, you can use an LDAP browser, such as Apache Directory Studio or JXPlorer to try the LDAP url.
  • Regarding the update, I notice this is what it's trying to connect to: fabrikam.com.com:389. This looks more like a copy-paste issue in the example provided. As I suggested before, could you try changing the url property to ldap://dc.fabrikam.com (or its un-obfuscated equivalent)?
  • @ig0774, I removed the port suffix and am still getting the same error; I updated the question again.
  • Great answer, I found the exact IP after "NSLOOKUP" then the connection was established properly.
  • When I use the command telnet dc.fabrikam.com 389, there is no response in the cmd.
  • @Marcel, how do I check whether the port is open on the server or not?
  • Incomprehensible. 'Group these aumetnar seeping into the base' is meaningless and contains a non-existent word.