Running fine on RHEL 8 about half an hour then got "The LDAP server is unavailable." exception. #49105

Closed
gfoidl opened this issue Jun 30, 2023 Discussed in #49088 · 5 comments
Labels
area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. Status: No Recent Activity

Comments

@gfoidl
Member

gfoidl commented Jun 30, 2023

Discussed in #49088

Originally posted by @caotoulei June 29, 2023
Here is the related code in my .NET Core API project's Program.cs file.

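// Namespaces this fragment relies on
using System.DirectoryServices.Protocols;
using System.Net;
using System.Runtime.InteropServices;
using Microsoft.AspNetCore.Authentication.Negotiate;

builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate(options =>
    {
        // The LDAP lookup is only configured when running on Linux
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
        {
            options.EnableLdap(settings =>
            {
                settings.Domain = "xxxxx.COM";
                // Port 389, fullyQualifiedDnsHostName = true, connectionless = false;
                // simple bind (AuthType.Basic) with the service account's credentials
                var ldapConnection = new LdapConnection(
                    new LdapDirectoryIdentifier("*ldap ip*", 389, true, false),
                    new NetworkCredential(ApplicationData.srv_username, ApplicationData.srv_password),
                    AuthType.Basic);
                ldapConnection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;

                // Bind automatically when the first request is sent
                ldapConnection.AutoBind = true;

                // This single connection instance is handed to the Negotiate handler
                settings.LdapConnection = ldapConnection;
            });
        }
    });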

It runs fine on RHEL 8 Apache for about half an hour, and all the POST/GET requests get the right responses. Then all the requests throw exceptions like this:

Jun 28 23:16:46 RHServer0 dotnet[56593]: Connection id "0HMRO6D462Q9A", Request id "0HMRO6D462Q9A:00000003": An unhandled exception was thrown by the application.
Jun 28 23:16:46 RHServer0 dotnet[56593]: System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
Jun 28 23:16:46 RHServer0 dotnet[56593]: at System.DirectoryServices.Protocols.LdapConnection.BeginSendRequest(DirectoryRequest request, TimeSpan requestTimeout, PartialResultProcessing partialMode, AsyncCa
Jun 28 23:16:46 RHServer0 dotnet[56593]: at System.DirectoryServices.Protocols.LdapConnection.BeginSendRequest(DirectoryRequest request, PartialResultProcessing partialMode, AsyncCallback callback, Object s
Jun 28 23:16:46 RHServer0 dotnet[56593]: at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state,
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Authentication.Negotiate.LdapAdapter.RetrieveClaimsAsync(LdapSettings settings, ClaimsIdentity identity, ILogger logger)
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleAuthenticateAsync()
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Jun 28 23:16:46 RHServer0 dotnet[56593]: at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

And the service is still active.
Many thanks for this.

@gfoidl gfoidl added the area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer label Jun 30, 2023
@ghost ghost added the NativeAOT label Jun 30, 2023
@gfoidl gfoidl removed the NativeAOT label Jun 30, 2023
@mitchdenny
Member

Can this be reproduced using just LdapConnection? Based on the exception it looks like it's not necessarily ASP.NET specific.
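
A stand-alone probe of the kind asked for above, added here as an illustration and not code posted by anyone in the thread: it binds one `LdapConnection` with the same options as the report and reuses it for a periodic search, so the first failure is timestamped outside ASP.NET Core. The server name, search base, filter, environment-variable names and probe interval are placeholders and assumptions, not values from the issue.

```csharp
// Added example: console probe that reuses one long-lived LdapConnection.
// Server, search base and environment-variable names are placeholders.
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Threading;

const string Server = "ldap.example.test";       // placeholder host
const string SearchBase = "DC=example,DC=test";  // placeholder base DN
string user = Environment.GetEnvironmentVariable("LDAP_PROBE_USER")
    ?? throw new InvalidOperationException("LDAP_PROBE_USER is not set");
string password = Environment.GetEnvironmentVariable("LDAP_PROBE_PASSWORD")
    ?? throw new InvalidOperationException("LDAP_PROBE_PASSWORD is not set");
// Assumed interval in minutes; vary it to see whether failures track idle time.
TimeSpan interval = TimeSpan.FromMinutes(args.Length > 0 ? double.Parse(args[0]) : 1);

// Same connection options as the report: port 389, simple bind, no referral chasing.
using var connection = new LdapConnection(
    new LdapDirectoryIdentifier(Server, 389, true, false),
    new NetworkCredential(user, password),
    AuthType.Basic);
connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
connection.AutoBind = true;
connection.Bind();

DateTime started = DateTime.UtcNow;
Console.WriteLine($"{started:O} bound to {Server}");

while (true)
{
    try
    {
        // Cheap base-scope search on the single shared connection.
        var request = new SearchRequest(
            SearchBase, "(objectClass=*)", SearchScope.Base, "distinguishedName");
        var response = (SearchResponse)connection.SendRequest(request);
        Console.WriteLine($"{DateTime.UtcNow:O} ok, entries={response.Entries.Count}");
    }
    catch (LdapException ex)
    {
        // ErrorCode and ServerErrorMessage help tell a lost connection from a server refusal.
        Console.WriteLine($"{DateTime.UtcNow:O} failed after {DateTime.UtcNow - started}: " +
            $"code={ex.ErrorCode} message={ex.Message} server={ex.ServerErrorMessage}");
        break;
    }
    Thread.Sleep(interval);
}
```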

@mkArtakMSFT mkArtakMSFT added this to the Backlog milestone Jul 5, 2023
@mkArtakMSFT mkArtakMSFT added Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. and removed investigate labels Jul 5, 2023
@mkArtakMSFT mkArtakMSFT removed this from the Backlog milestone Jul 5, 2023
@ghost

ghost commented Jul 5, 2023

Hi @gfoidl. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

@dotnet dotnet deleted a comment Jul 5, 2023
@gfoidl
Member Author

gfoidl commented Jul 5, 2023

@caotoulei I'll just ping you in case you missed the (new) issue for your discussion.
Please see #49105 (comment)

@ghost ghost added Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. and removed Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. labels Jul 5, 2023
@mkArtakMSFT mkArtakMSFT added Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. and removed Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. labels Jul 6, 2023
@ghost

ghost commented Jul 6, 2023

Hi @gfoidl. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

@ghost

ghost commented Jul 10, 2023

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.

@ghost ghost closed this as completed Jul 13, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Aug 13, 2023
This issue was closed.