Hi,

Knowledge on configuring JNDIRealms security: zip!
Knowledge on the JNDI LDAP interface: guru!

The root cause: javax.naming.CommunicationException, refers to there being
an underlying network problem with communicating between the LDAP client,
and the LDAP server. The message received from the ldap driver: "Request: 1
cancelled" is the reason as to why this error occurred. As can be seen it's
not very helpful. (I've been spoilt on receiving error codes from servers
and detailed messages and such).

You appear to be using the Sun JNDI LDAP reference implementation, which I
found to not always offer the best error messages. I can't remember if it has
any extra logging capabilities (from memory it doesn't) to try and wring
more information out of the driver, however the key to solving the problem
may lie elsewhere.

I would recommend turning on the detailed debugging in your LDAP server to
determine what error it is trying to communicate back to the LDAP driver
(and if the server is successfully contacted in this first instance), by of
course inspecting its logs. This approach I have had to use a number of
times on less than helpful LDAP drivers that don't seem to think good error
messages are needed. You are trying to use a secure SSL connection to the
LDAP server, but it does not appear to be SSL related as you normally get a
specific SSL error back when it is SSL related, usually ugly and unhelpful.

Regards,
Shane.

-----Original Message-----
From: Chong Yu Meng [mailto:[EMAIL PROTECTED]
Sent: Friday, 7 May 2004 4:32 PM
To: Tomcat Users List
Subject: JNDIRealm strangeness


Hi All !

I wonder if anyone has seen this anomaly, when following my instructions
on setting up a JNDIRealm, on my website
(http://cymulacrum.net/writings/adv_tomcat/c487.html). I wrote these
instructions after version 5.0.19 of Tomcat came out and fixed the
character encoding issue in the JNDIRealm.

In my document I described how to:
1. Set up OpenLDAP so it runs with SSL/TLS enabled
2. Set up Tomcat's JNDIRealm so that it communicates with
ldap://localhost:636, the secure port instead of 389.

I never noticed anything strange, because my JNDIRealm setup seemed to
work fine, but when I tried to put SecurityFilter on, I found an error.
Thinking that it was probably SecurityFilter, I looked at the logfiles,
and I was surprised to find that, even before I had installed
SecurityFilter, there was that same error being logged inside
catalina.out. I just never bothered to look before because everything
seemed to be running fine.

Here's what the error looks like. It only occurs on startup, all LDAP
operations work fine with no errors:

JNDIRealm[Catalina]: Connecting to URL ldap://localhost:636
JNDIRealm[Catalina]: Exception performing authentication
javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:76)
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:433)
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:356)
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:187)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2615)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:674)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:256)
        at javax.naming.InitialContext.init(InitialContext.java:232)
        at javax.naming.InitialContext.<init>(InitialContext.java:208)
        <rest of errors snipped>

I'm not really sure where to begin, or even if it is significant (since
LDAP authentication still works). If you want to repeat this error for
yourself, you can follow the instructions on my web page. Any help would
be greatly appreciated !

Regards,
pascal chong
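
Added example, not part of either message above and not Tomcat's own code: a standalone probe that repeats the JNDI bind from the stack trace outside Tomcat, prints the full exception cause chain, and turns on the Sun LDAP provider's `com.sun.jndi.ldap.trace.ber` wire trace so the client side can be compared with the LDAP server's debug log. The URL is the one from the thread; the class name, bind DN and password are placeholders to replace.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindProbe {
    public static void main(String[] args) {
        // args: [url] [bindDn] [password] [securityProtocol]
        // Defaults: URL from the thread; DN and password are placeholders.
        String url = args.length > 0 ? args[0] : "ldap://localhost:636";
        String bindDn = args.length > 1 ? args[1] : "cn=PLACEHOLDER,dc=example,dc=com";
        String password = args.length > 2 ? args[2] : "PLACEHOLDER";

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Optional 4th argument (for example "ssl") sets the JNDI security protocol.
        if (args.length > 3) {
            env.put(Context.SECURITY_PROTOCOL, args[3]);
        }
        // Sun provider property: dump the raw LDAP (BER) traffic to stderr.
        // The dump contains the bind credentials, so use it only for a test run.
        env.put("com.sun.jndi.ldap.trace.ber", System.err);
        // Fail after 5 seconds instead of hanging if the server never answers.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // performs the LDAP bind
            System.out.println("Bind succeeded against " + url);
        } catch (NamingException e) {
            // Walk the cause chain: the useful detail (SSL or socket error)
            // is often nested below the CommunicationException.
            int depth = 0;
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.out.println("cause[" + depth++ + "]: " + t);
            }
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl` additionally prints the JSSE handshake, which shows whether a TLS session is negotiated at all on port 636.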