Active Directory is sending JBoss EAP a referral to "DomainDnsZones"

Solution Verified - Updated -

Issue

  • Why does the log show a referral to "DomainDnsZones"?
  • Searches fail with the following exception:

    Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.example.com:636 [Root exception is java.net.ConnectException: Connection timed out]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242) [rt.jar:1.7.0_67]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189) [rt.jar:1.7.0_67]
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:550) [jboss-negotiation-extras-2.2.5.Final-redhat-2.jar:2.2.5.Final-redhat-2]
    ... 30 more

  • Using Tomcat JNDIRealm gives:

    javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.example.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching DomainDnsZones.example.com found.]]
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237)

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • Elytron or Legacy Security
  • Red Hat JBoss Web Server 3
  • Tomcat
  • Microsoft Active Directory (AD)
  • LDAP authentication
