Active Directory is sending JBoss EAP a referral to "DomainDnsZones"

Solution Verified

Issue

  • Why does the log show a referral to DomainDnsZones?
  • Searches fail with the following exception:

    Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.example.com:636 [Root exception is java.net.ConnectException: Connection timed out]]
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) [rt.jar:1.7.0_67]
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) [rt.jar:1.7.0_67]
        at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:550) [jboss-negotiation-extras-2.2.5.Final-redhat-2.jar:2.2.5.Final-redhat-2]
        ... 30 more
    
  • Using Tomcat JNDIRealm gives:

    javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.example.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching DomainDnsZones.example.com found.]]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237)
    

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
    • Elytron or Legacy Security
  • Red Hat JBoss Web Server (JWS)
    • 3
    • 5
    • Apache Tomcat
  • Microsoft Active Directory (AD)
  • LDAP authentication
