Dear All,
I have stated this problem before, but maybe it was not clear. I will state
it now hopefully more clearly.

I have a Tomcat 6.0 server running on Windows Server 2003; it needs to
authenticate users using a JNDI realm which connects to an LDAP server
(Active Directory running on a different machine).
The realm configuration in server.xml is as follows:
==============================================================
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://name.com:389/"
         connectionName="CN=tomcat,CN=Users,DC=name,DC=com"
         connectionPassword="**************"
         alternateURL="ldap://ip:389/"
         userSubtree="true" referrals="follow"
         userSearch="(| (mailNickname={0}) (givenName={0}) )"
         userBase="DC=name,DC=com"
         roleBase="CN=Users,DC=name,DC=com" roleName="description"
         roleSearch="member={0}" roleSubtree="true" allRolesMode="AuthOnly" />
</Host>
==============================================================

The problem is that when I try to log in with my AD account, sometimes (around
40% of the time) I get a login error, and it stays in this state for
10 minutes (no user can log in during this period). Even the manager and admin
accounts that are used to log in to the manager webapp are not allowed to log in.
How can I solve this problem? It is so annoying :(

Some points:
1- The log of the error is:
==================
Oct 29, 2008 8:30:12 AM org.apache.catalina.core.ApplicationDispatcher doForward
FINE:  Disabling the response for futher output
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:992)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:941)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    ... 20 more
Caused by: java.net.ConnectException: Connection refused: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(Unknown Source)
    at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
    at javax.naming.spi.NamingManager.processURL(Unknown Source)
    at javax.naming.spi.NamingManager.processURLAddrs(Unknown Source)
    at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
    ... 23 more
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm close
FINE: Closing directory context
Oct 29, 2008 8:30:15 AM org.apache.catalina.core.ApplicationDispatcher doForward
FINE:  Disabling the response for futher output

==================

2- Rebooting the machine will solve the problem.
3- Restarting Tomcat won't affect anything.
4- I can connect to the LDAP server using Softerra LDAP Administrator during
the 10 blocking minutes.
5- The system admin checked the log of the AD and there is nothing there.
6- I have tried to put the realm configuration under context.xml, and
the same thing happens.
7- Most probably, when I leave the session to expire (5 min) and try to
log in again afterwards, it gets blocked.

Please help me with this issue; I need it working correctly ASAP.

P.S. Thanks to everyone who has helped and will help me with this issue.
Regards,
-- 
Hisham Farahat
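As an added example (not part of the original post), a small parser for the catalina log quoted above: it unwraps JNDI's nested "[Root exception is ...]" chain so the innermost cause and the host:port that refused the connection are reported, and flags when the LdapReferralContext frame shows the failure happened while chasing a referral rather than on the configured connectionURL. SAMPLE_LOG is constructed from the post's log; "name.com" is the post's placeholder host.

```python
# Added example, not from the post: SAMPLE_LOG is constructed from the quoted log.
import itertools, re

SAMPLE_LOG = """\
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
Caused by: javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
    ... 20 more
Caused by: java.net.ConnectException: Connection refused: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm close
"""

HEADER = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\S+)$")
ROOT = re.compile(r"\[Root exception is (.*)\]$")  # JNDI's nested-cause wrapper
ENDPOINT = re.compile(r"\b([\w.-]+:\d{2,5})\b")    # host:port named in the cause

def unwrap_chain(line):
    # Flatten "A [Root exception is B [Root exception is C]]" into [A, B, C]
    chain = []
    while True:
        m = ROOT.search(line)
        if not m:
            return chain + [line.strip()]
        chain.append(line[:m.start()].strip())
        line = m.group(1)

def parse_failures(text):
    # One record per "SEVERE: Exception performing authentication" event
    lines, out = text.splitlines(), []
    for i, line in enumerate(lines):
        if not line.startswith("SEVERE: Exception performing authentication"):
            continue
        hdr = HEADER.match(lines[i - 1]) if i else None
        chain = unwrap_chain(lines[i + 1]) if i + 1 < len(lines) else []
        # stack frames run until the next timestamped log header
        frames = list(itertools.takewhile(lambda f: not HEADER.match(f), lines[i + 2:]))
        ep = ENDPOINT.search(" ".join(chain))
        out.append({
            "time": hdr.group(1) if hdr else None,
            "root_cause": chain[-1] if chain else None,  # innermost cause, not the wrapper
            "endpoint": ep.group(1) if ep else None,     # the host:port that refused
            # PartialResultException plus an LdapReferralContext frame: the connect failed
            # while following a referral (referrals="follow"), not against connectionURL
            "via_referral": any("LdapReferralContext" in f for f in frames),
        })
    return out
```

Run over a real catalina log, the "endpoint" and "via_referral" fields tell you whether the refused connection was to the configured server or to a host that the directory referred the search to.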
