Hello Felix,

Thanks for your feedback!

Actually I realized that with userPattern I do not need to declare either
userBase or userSubtree.

roleSubtree="true", indeed! Nevertheless, with "1" it was working for me
anyway...

Cheers,

Luis

2018-04-11 11:32 GMT+02:00 Felix Schumacher <felix.schumac...@internetallee.de>:

> Hi Luis,
>
> On 05.04.2018 18:50, Luis Rodríguez Fernández wrote:
>
>> Hello Suvendu,
>>
>> May I ask you to share your JNDIRealm configuration?
>>
>> For me something like this works:
>>
>>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>>      connectionURL="ldaps://my.users.directory.com:636"
>>      connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      connectionPassword="PASSWORD"
>>      userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      userSubtree="false"
>>      userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
>>      roleSubtree="1"
>>      roleName="cn"
>>      roleSearch="(&amp;(member={0})(objectclass=group))"
>> />
>>
>
> You are using userPattern to find users. In that case the userSubtree
> configuration will be ignored. roleSubtree should be either "true" or "false".
>
> Regards,
>  Felix
>
>
>
>> Hope it helps,
>>
>> Luis
>>
>> 2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal <suv3...@gmail.com>:
>>
>>> Hello Everyone,
>>>
>>> Recently in one of our environments I am seeing the following log in
>>> Catalina.out. It seems that the LDAP connection is failing. This issue is
>>> sporadic and goes away with a Tomcat recycle.
>>>
>>> One interesting thing is the "localhost:389" part. I could not find
>>> any configuration related to that. It could be that I am not
>>> looking in the correct place.
>>>
>>> We have 200+ JVMs out there which were starting up simultaneously, but
>>> this happens for some of them sporadically. I suspect that some race
>>> condition might be causing this failure but could not find any
>>> evidence so far. Can someone please suggest how I can identify what is
>>> failing, and why it is failing?
>>>
>>> Thanks!
>>> Suvendu
>>>
>>> Stack trace:
>>> 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig - Deploying web application directory D:\xxx\webapps\ROOT
>>> 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
>>> org.apache.catalina.LifecycleException: Failed to start component [Realm[JNDIRealm]]
>>>      at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
>>>      at org.apache.catalina.realm.CombinedRealm.startInternal(CombinedRealm.java:201)
>>>      at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>      at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5373)
>>>      at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>      at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
>>>      at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
>>>      at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
>>>      at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
>>>      at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
>>>      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>      at java.lang.Thread.run(Thread.java:745)
>>> Caused by: org.apache.catalina.LifecycleException: Exception opening directory server connection
>>>      at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2191)
>>>      at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>      ... 14 more
>>> Caused by: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
>>>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
>>>      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
>>>      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
>>>      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
>>>      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
>>>      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:70)
>>>      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>>>      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
>>>      at javax.naming.InitialContext.init(InitialContext.java:244)
>>>      at javax.naming.InitialContext.<init>(InitialContext.java:216)
>>>      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
>>>      at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108)
>>>      at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2189)
>>>      ... 15 more
>>> Caused by: java.net.ConnectException: Connection refused: connect
>>>      at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
>>>      at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
>>>      at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
>>>      at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
>>>      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
>>>      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>>>      at java.net.Socket.connect(Socket.java:589)
>>>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>      at java.lang.reflect.Method.invoke(Method.java:498)
>>>      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
>>>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
>>>      ... 27 more
>>>
>>> 2018-04-02 20:34:35,059 INFO org.apache.catalina.startup.HostConfig - Deployment of web application directory D:\xxx\webapps\ROOT has finished in 7,766 ms
>>> 2018-04-02 20:34:35,075 INFO org.apache.coyote.http11.Http11AprProtocol - Starting ProtocolHandler ["http-apr-18110"]
>>> 2018-04-02 20:34:35,091 INFO org.apache.coyote.ajp.AjpAprProtocol - Starting ProtocolHandler ["ajp-apr-18111"]
>>> 2018-04-02 20:34:35,091 INFO org.apache.catalina.startup.Catalina - Server startup in 235096 ms
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
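
A check for the two configuration points raised in this thread, as an added example that is not part of the original messages and not Tomcat's own code: it flags a JNDIRealm whose userSubtree or roleSubtree value is not "true" or "false", and one that sets userBase or userSubtree next to userPattern. The host name and DNs in the sample are constructed, and `lint_realms` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
BOOLEAN_ATTRS = ("userSubtree", "roleSubtree")
# Per the thread: with userPattern set, these attributes do not need to be declared.
SHADOWED_BY_USER_PATTERN = ("userBase", "userSubtree")

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://ldap.example.org:636"
    userBase="OU=Users,DC=example,DC=org"
    userSubtree="false"
    userPattern="cn={0},OU=Users,DC=example,DC=org"
    roleBase="OU=Groups,DC=example,DC=org"
    roleSubtree="1"
    roleName="cn"
    roleSearch="(&amp;(member={0})(objectclass=group))" />"""


def lint_realms(xml_text):
    """Return (attribute, message) findings for every JNDIRealm element."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also visits realms nested in a CombinedRealm or LockOutRealm.
    for realm in root.iter("Realm"):
        if realm.get("className") != JNDI_REALM:
            continue
        for attr in BOOLEAN_ATTRS:
            value = realm.get(attr)
            # Assumption: the value is parsed Java-style, where any string
            # other than "true" yields false, so "1" would not enable it.
            if value is not None and value not in ("true", "false"):
                findings.append((attr, f'{attr}="{value}" is not "true" or "false"'))
        if realm.get("userPattern") is not None:
            for attr in SHADOWED_BY_USER_PATTERN:
                if realm.get(attr) is not None:
                    findings.append((attr, f"{attr} is set alongside userPattern"))
    return findings


if __name__ == "__main__":
    for attr, message in lint_realms(SAMPLE):
        print(f"[{attr}] {message}")
```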
