File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Tomcat LDAP authentication problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat LDAP authentication problem" Watch "Tomcat LDAP authentication problem" New topic

Tomcat LDAP authentication problem

Petteri Kivimaki

Joined: Jun 06, 2012
Posts: 3
Hi everyone

I've been reading this forum for years and found answers to many questions, but for some reason I haven't registered until now.

I have a web application running on Tomcat 7.0.14 and I'm using LDAP for user authentication. The problem is that when a user logs in after an inactive period the following warning comes out. The inactive period doesn't have to be long, as only few minutes is enough. However, the user is able to log in despite of the warning. From the users' point of view the application behaves normally, but Tomcat log reveals the warning below.

The LDAP configuration is in the application's context.xml file:

Has anyone experienced similar problems?

Petteri Kivimaki

Joined: Jun 06, 2012
Posts: 3
I was able to figure out what causes the warning. The LDAP server timeout for idle connections is 3 minutes, which is the reason for the warning. Now I should find away to get rid of it.
Petteri Kivimaki

Joined: Jun 06, 2012
Posts: 3
I was able to figure out the reason for the warning and also a way to get rid of it.

The reason for the warning was that the LDAP server is closing all the connections that have been idle for more than 5 minutes. The LDAP server admin told me that it's recommended to close the connection immediately after each login request, because the number of available handles is limited. Tomcat's JNDIRealm, however, doesn't offer a way to configure this, so I resolved the problem by extending the JNDIRealm class and overriding the authenticate(..) method. All that needs to be done is to close the connection to the LDAP server after each authentication request and the warnings are gone.

Note that the package needs to be the same as JNDIRealm class, because otherwise it's not possible to access the context variable.

Generated jar needs to be put under Tomcat's lib folder and change the className in the application's context.xml to org.apache.catalina.realm.CustomJNDIRealm. Then just restart Tomcat and that's it.

I agree. Here's the link:
subject: Tomcat LDAP authentication problem
Similar Threads
JNDI in tomcat
LDAP Authentication with Active Directory
javax.naming.ServiceUnavailableException:; socket closed; remaining name '
Tomcat 5.5.26 LDAP Problem
Windows Authentication Using Tomcat 5.0