> André Warnier <a...@ice-sa.com>
> 14.02.2012 16:00
> 
> Please respond to: "Tomcat Users List" <users@tomcat.apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Fw: Problems with LDAP authentication
> 
> Lev A KARATUN wrote:
> > Good morning everyone!
> > 
> > Well, I've got no idea what happened (providing nobody is configuring 
> > tomcat except me), but I've just opened catalina.out and have seen that 
> > the error message changed to 
> > "Exception opening directory server connection:  javax.naming.CommunicationException: raiffeisen.ru:389 [Root exception is java.net.SocketTimeoutException: connect timed out]"
> > 
> > so Tomcat is at least trying to connect to the proper host now.
> > 
> Lev, I don't think that you can be sure of that yet.
> I cannot comment on your Realm configuration (because I don't know how it
> works), but to me the kind of problem you are having makes me suspect that
> something is wrong in your network setup.
> The "connect timed out" for example suggests that Java/Tomcat may be
> connecting to a host that has port 389 open, and maybe the connect itself
> is working, but the response to the connect (a packet from that host
> "raiffeisen.ru") never comes back to your Tomcat host.
> 
> Perhaps the LDAP host "raiffeisen.ru" is in a different network segment
> than your Tomcat host,

You're right, it is. Thanks for drawing my attention to it.

> and Tomcat can send packets to "raiffeisen.ru", but "raiffeisen.ru" cannot
> send packets back to the Tomcat host? (some firewall or router in between?)
> 
> Can you run a command-line session on the host "raiffeisen.ru", 

Unfortunately, not. I've got no access there (and doubt that I can get it 
without joining a different department) )

> and check if from there you can at least ping your Tomcat host?

I tried it vice versa - when trying to ping raiffeisen.ru from my Tomcat 
host I get no answer.

> Or use a traceroute (tracert under Windows) from your Tomcat host to the
> "raiffeisen.ru" host (and look at the IPs)?



Well, I suppose my first goal is to be able to telnet to my AD host on port 
389, right? If you don't mind I'll write you again when I'm done with it )


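The outcomes discussed in this thread ("connect timed out" versus a refused or successful connect to port 389) can be told apart with a single TCP connect from the Tomcat host. This is an added example, not part of the original messages; `probe_tcp`, its verdict labels and the default timeout are names and values chosen here for illustration.

```python
import socket
import sys


def probe_tcp(host, port=389, timeout=5.0):
    """Make one TCP connect attempt and return (verdict, detail)."""
    try:
        # Resolve first so that a naming problem is reported separately
        # from a network problem.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))

    family, socktype, proto, _canon, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except socket.timeout:
        # No answer at all within the timeout: packets are being dropped
        # on the way there or on the way back (firewall, routing).
        return ("timeout", "no reply from %s:%d" % sockaddr[:2])
    except ConnectionRefusedError:
        # The host answered, but nothing is listening on that port.
        return ("refused", "%s:%d rejected the connection" % sockaddr[:2])
    except OSError as exc:
        # For example "network is unreachable" or "no route to host".
        return ("unreachable", str(exc))
    else:
        return ("open", "TCP handshake completed with %s:%d" % sockaddr[:2])
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe_tcp.py <ldap-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    verdict, detail = probe_tcp(target, target_port)
    print("%s:%d -> %s (%s)" % (target, target_port, verdict, detail))
```

A `timeout` verdict corresponds to the `SocketTimeoutException` in catalina.out and points at the network path rather than the Realm configuration; `open` means the Realm settings are the next thing to check.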