Hisham Farahat

Greenhorn
+ Follow
since Oct 29, 2008
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Hisham Farahat

I could not connect through telnet
it takes long time, and nothing appeared.
Although the server is working normally right now. (the period of disconnection is not occurring now"
15 years ago
in Tomcat it failed , but using openLdap it connects normaly

i really don't know what to do
15 years ago
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://name.com:389/" connectionName="CN=tomcat,CN=Users,DC=name,DC=com" connectionPassword="************" alternateURL="ldap://ip:389/" userSubtree="true" referrals="follow" userSearch="(| (mailNickname={0}) (givenName={0}) )" userBase="DC=name,DC=com" roleBase="CN=Users,DC=name,DC=com" roleName="description" roleSearch="member={0}" roleSubtree="true" allRolesMode="AuthOnly" />
</Host>
15 years ago
The same server and port.

Both servers ( LDAP and Tomcat) are in one LAN, there are firewall and proxy but for external traffic .
15 years ago
Dear All,

I have a tomcat server 6.0 running on a Windows server 2003, it needs to authenticate users using JNDI realm which connects to an LDAP server ( Active directory running on a different machine).
The realm configuration in server.xml is as the following:
==============================================================
- <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://name.com:389/" connectionName="CN=tomcat,CN=Users,DC=name,DC=com" connectionPassword="************" alternateURL="ldap://ip:389/" userSubtree="true" referrals="follow" userSearch="(| (mailNickname={0}) (givenName={0}) )" userBase="DC=name,DC=com" roleBase="CN=Users,DC=name,DC=com" roleName="description" roleSearch="member={0}" roleSubtree="true" allRolesMode="AuthOnly" />
</Host>
==============================================================

The problem is when i try to login with my AD account, Sometimes ( around 40% of the times) i get a login error and it continues with this state for 10 minutes ( no user can login in this period ). Even the manager and admin accounts that are used to login the manager webapp are not allowed to login. How can i solve this problem? it is so annoying

Some points:
1- The log of the error is :
==================
Oct 29, 2008 8:30:12 AM org.apache.catalina.core.ApplicationDispatcher doForward
FINE: Disabling the response for futher output
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:992)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:941)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
... 20 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(Unknown Source)
at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
at javax.naming.spi.NamingManager.processURL(Unknown Source)
at javax.naming.spi.NamingManager.processURLAddrs(Unknown Source)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
... 23 more
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm close
FINE: Closing directory context
Oct 29, 2008 8:30:15 AM org.apache.catalina.core.ApplicationDispatcher doForward
FINE: Disabling the response for futher output

==================

2- Rebooting the machine wil solve the problem
3- Restarting Tomcat won't affect any thing
4- I can connect to the LDAP server using Soferra LDAP Administration during the 10 blocking minutes
5- The system admin checked the log of the AD and nothing there.
6- I have tried to put the realm configuration under the context.xml, and the same thing happens.
7- most probably when i leave the session to expire ( 5 min) and try to login again afterwords it gets blocked.

Please help me in this issue, i need it working correctly ASAP.


Regards,
15 years ago