Tomcat LDAP authentication problem

Petteri Kivimaki
Greenhorn

Joined: Jun 06, 2012
Posts: 3
Hi everyone

I've been reading this forum for years and found answers to many questions, but for some reason I haven't registered until now.

I have a web application running on Tomcat 7.0.14 and I'm using LDAP for user authentication. The problem is that when a user logs in after an inactive period, the following warning comes out. The inactive period doesn't have to be long, as only a few minutes is enough. However, the user is able to log in despite the warning. From the users' point of view the application behaves normally, but the Tomcat log reveals the warning below.



The LDAP configuration is in the application's context.xml file:



Has anyone experienced similar problems?

Thanks
Petteri Kivimaki
Greenhorn

Joined: Jun 06, 2012
Posts: 3
I was able to figure out what causes the warning. The LDAP server timeout for idle connections is 3 minutes, which is the reason for the warning. Now I should find a way to get rid of it.
Petteri Kivimaki
Greenhorn

Joined: Jun 06, 2012
Posts: 3
I was able to figure out the reason for the warning and also a way to get rid of it.

The reason for the warning was that the LDAP server is closing all the connections that have been idle for more than 5 minutes. The LDAP server admin told me that it's recommended to close the connection immediately after each login request, because the number of available handles is limited. Tomcat's JNDIRealm, however, doesn't offer a way to configure this, so I resolved the problem by extending the JNDIRealm class and overriding the authenticate(..) method. All that needs to be done is to close the connection to the LDAP server after each authentication request and the warnings are gone.

Note that the package needs to be the same as JNDIRealm class, because otherwise it's not possible to access the context variable.



The generated jar needs to be put under Tomcat's lib folder, and the className in the application's context.xml needs to be changed to org.apache.catalina.realm.CustomJNDIRealm. Then just restart Tomcat and that's it.
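The code from the post above did not survive on this page. The following is an added sketch of the approach it describes, not the poster's own code: it assumes the Tomcat 7 `JNDIRealm`, which keeps one shared `DirContext` in its protected `context` field and provides a protected `close(DirContext)` method. The `synchronized` modifier is an addition so that one login cannot close the shared connection while another login is still using it.

```java
// Same package and class name as given in the post.
package org.apache.catalina.realm;

import java.security.Principal;

/**
 * Added example (not from the original thread): a JNDIRealm that does not
 * keep its LDAP connection open between login requests, so the directory
 * server never finds an idle connection to time out.
 *
 * Assumes the Tomcat 7 JNDIRealm API: a protected field "context" holding
 * the shared DirContext and a protected close(DirContext) method.
 */
public class CustomJNDIRealm extends JNDIRealm {

    /**
     * Delegates to the standard username/password check, then always
     * closes the directory connection, whether the login succeeded,
     * failed, or threw an unchecked exception.
     *
     * Synchronized on the realm so that a concurrent login cannot have
     * the shared connection closed underneath it.
     */
    @Override
    public synchronized Principal authenticate(String username, String credentials) {
        try {
            return super.authenticate(username, credentials);
        } finally {
            // close(DirContext) returns immediately when the argument is
            // null; otherwise it closes the connection and resets the
            // realm's context field, so the next login opens a fresh one.
            close(this.context);
        }
    }
}
```

Compile it against the `catalina.jar` of the Tomcat version in use. Opening a new connection for every login costs an extra LDAP bind per request in exchange for not holding a server handle while idle.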

 
 