LDAP connection timeout exception - some times

java userj
Greenhorn

Joined: Mar 06, 2009
Posts: 2
Hi Team,


I'm using LDAP authentication for my web applications. Everything is working fine most of the time.

But once in every 15 days or 10 days, I'm getting the connection timeout. But if I restart Tomcat then everything works fine. I couldn't find any issues with my code. Can anyone please help me on this? Below is my Java code. I'm keeping all the LDAP entries in Tomcat's server.xml and getting them in my Java code to avoid hard-coded configuration in my Java code.

I'm closing the context and naming enumerations like below, but still getting the javax.naming.CommunicationException error.



Can anyone please help me out on this.



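import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// Method of the authentication class; this.filter and this.base are String fields of that class.
public boolean authenticateFromLdap(String username, String password) throws AuthenticationException, Exception {
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many directory servers accept, so reject it before binding.
    if (password == null || password.isEmpty()) {
        throw new AuthenticationException();
    }
    LdapContext ctx = null;
    Context newctx = new InitialContext();
    Context envCtx = (Context) newctx.lookup("java:comp/env");
    // Context built by com.myapp.MyLdapFactory from server.xml; only its environment is read here.
    DirContext ctxDir = (DirContext) envCtx.lookup("ldap/myapp");
    NamingEnumeration<?> namingEnum = null;
    String userDN = null;
    boolean isauthenticated = false;
    try {
        Control[] connCtls = null;
        Hashtable env = ctxDir.getEnvironment();
        env.put(Context.REFERRAL, "follow");
        this.filter = (String) env.get("ldap.filter");
        this.base = (String) env.get("ldap.base");

        // First connection: bind with the principal configured in server.xml.
        try {
            ctx = new InitialLdapContext(env, connCtls);
            ctx.setRequestControls(null);
        } catch (javax.naming.AuthenticationException ex) {
            throw new Exception("ldap.server.exception");
        } catch (Exception ex) {
            throw new Exception("ldap.server.exception");
        }
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setTimeLimit(30000); // milliseconds
            // {0} is filled from the argument array, which JNDI escapes, so
            // characters such as * ( ) in username cannot change the filter.
            String filter = "(" + this.filter + "={0})";
            ctx.setRequestControls(null);
            namingEnum = ctx.search(this.base, filter, new Object[] { username }, searchControls);
            if (!namingEnum.hasMore()) {
                throw new AuthenticationException(); // no entry for this user
            }
            SearchResult result = (SearchResult) namingEnum.next();
            Attributes attrs = result.getAttributes();
            Attribute str1 = attrs.get("userprincipalname");
            // attrs.get() returns null when the entry has no userPrincipalName.
            userDN = (str1 != null && str1.get() != null) ? str1.get().toString() : username;
            // Re-bind the same connection as the user to verify the password.
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(connCtls);
            isauthenticated = true;
        } catch (AuthenticationException ex) {
            throw new AuthenticationException();
        } catch (NamingException ex) {
            throw new Exception("ldap.server.exception");
        }
        return isauthenticated;
    } finally {
        if (null != namingEnum) {
            try {
                namingEnum.close();
            } catch (Exception e) {
                throw new Exception("close.ldap.failure");
            }
        }
        if (null != ctx) {
            try {
                ctx.close();
            } catch (Exception e) {
                throw new Exception("close.ldap.failure");
            }
        }
    }
}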





Tomcat (v6.0.14) server.xml:



<Resource name="ldap/myapp"
          auth="Container"
          type="com.sun.jndi.ldap.LdapCtx"
          factory="com.myapp.MyLdapFactory"
          java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
          com.sun.jndi.ldap.connect.pool="false"
          java.naming.provider.url="ldap://ldap.com.test.net:389"
          java.naming.security.authentication="simple"
          java.naming.security.principal="MyAdmin"
          java.naming.security.credentials="xxxxxxx"
          ldap.base="DC=com,DC=test,DC=net"
          ldap.filter="sAMAccountName"
/>



Below is the error log trace:

2013-Mar-26 12:01:34,714 AppUserDetailsService - javax.naming.CommunicationException: ldap.com.test.net:389 [Root exception is java.net.ConnectException: Connection timed out: connect]



Note: Once we restart Tomcat, everything works as usual, and after 2 weeks the same problem occurs again.



Thanks in advance
Ganesh
Diwakar Shenoy
Greenhorn

Joined: Feb 01, 2012
Posts: 4

Hi Ganesh,

That is strange. You say the issue gets resolved when Tomcat restarts? Do you know if the server "ldap.com.test.net" has a dynamic IP? I am guessing that this server has a dynamic IP and when you restart, Tomcat is able to route to this LDAP server for 2 weeks or so. I am just guessing though.

Can you try moving the server name etc into a properties file instead of using <Resource ...> and see if this issue disappears?

Cheers,
Diwakar
java userj
Greenhorn

Joined: Mar 06, 2009
Posts: 2
Hi Diwakar,

Thanks for your reply. But I doubt how it will resolve the problem if we move this LDAP base property to a .properties file, because we are using these <resource>.... </resource> configs just like a context. I have my own ldapfactory class where I'm reading this server.xml file and making a map, and I'm using that map in my authorisation class. Could you please throw some more light on your point?

Thanks a lot for your quick turn around.

Regards,
Ganesh
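
For the timeout and cleanup questions in this thread, an added example (not the poster's code, and not a diagnosis of the fortnightly failure): a search-then-bind check that sets explicit JNDI connect and read timeouts and closes every context it opens. The host, base and filter attribute come from the server.xml above; the class name, the timeout values and binding with the entry's DN instead of userPrincipalName are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example. URL, base and filter attribute are the server.xml values
// quoted in the thread; class name and timeout values are assumptions.
public class LdapBindCheck {
    static Hashtable<String, Object> env(String principal, String credentials) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.com.test.net:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.REFERRAL, "follow");
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms: bound the TCP connect
        env.put("com.sun.jndi.ldap.read.timeout", "10000");   // ms: bound each response wait
        return env;
    }

    static boolean authenticate(String svcDn, String svcPw, String user, String pw)
            throws NamingException {
        if (pw == null || pw.isEmpty()) return false; // empty password = unauthenticated bind
        String userDn;
        DirContext svc = new InitialDirContext(env(svcDn, svcPw));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setTimeLimit(30000);
            NamingEnumeration<SearchResult> hits = svc.search(
                "DC=com,DC=test,DC=net", "(sAMAccountName={0})", new Object[] {user}, sc);
            try {
                if (!hits.hasMore()) return false;      // unknown user
                userDn = hits.next().getNameInNamespace();
            } finally { hits.close(); }                  // always release the enumeration
        } finally { svc.close(); }                       // always release the service socket
        try {
            new InitialDirContext(env(userDn, pw)).close(); // bind as the user, then release
            return true;
        } catch (javax.naming.AuthenticationException e) {
            return false;                                // wrong password or disabled account
        }
    }
}
```

A `CommunicationException` from either `InitialDirContext` call still propagates to the caller, so a directory outage is not reported as a failed login.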
 
 