Posted to users@tomcat.apache.org by Suvendu Sekhar Mondal <su...@gmail.com> on 2018/04/05 13:32:44 UTC

Is LDAP connection failing?

Hello Everyone,

Recently in one of our environments I am seeing the following log in
Catalina.out. It seems that the LDAP connection is failing. This issue is
sporadic and goes away with a Tomcat recycle.

One interesting thing is the "localhost:389" part. I could not find
any configuration related to that. It could be that I am not
looking in the correct place.

We have 200+ JVMs out there which were starting up simultaneously, but
this happens for some of them sporadically. I suspect that some race
condition might be causing this failure but could not find any
evidence so far. Can someone please suggest how I can identify what is
failing, and why it is failing?

Thanks!
Suvendu

Stack trace:
2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig -
Deploying web application directory D:\xxx\webapps\ROOT
2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm
- Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
org.apache.catalina.LifecycleException: Failed to start component
[Realm[JNDIRealm]]
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
     at org.apache.catalina.realm.CombinedRealm.startInternal(CombinedRealm.java:201)
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
     at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5373)
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
     at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
     at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
     at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.catalina.LifecycleException: Exception opening
directory server connection
     at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2191)
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
     ... 14 more
Caused by: javax.naming.CommunicationException: localhost:389 [Root
exception is java.net.ConnectException: Connection refused: connect]
     at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
     at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:70)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
     at javax.naming.InitialContext.init(InitialContext.java:244)
     at javax.naming.InitialContext.<init>(InitialContext.java:216)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
     at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108)
     at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2189)
     ... 15 more
Caused by: java.net.ConnectException: Connection refused: connect
     at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
     at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
     at java.net.Socket.connect(Socket.java:589)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
     at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
     ... 27 more

2018-04-02 20:34:35,059 INFO org.apache.catalina.startup.HostConfig -
Deployment of web application directory D:\xxx\webapps\ROOT has
finished in 7,766 ms
2018-04-02 20:34:35,075 INFO
org.apache.coyote.http11.Http11AprProtocol - Starting ProtocolHandler
["http-apr-18110"]
2018-04-02 20:34:35,091 INFO org.apache.coyote.ajp.AjpAprProtocol -
Starting ProtocolHandler ["ajp-apr-18111"]
2018-04-02 20:34:35,091 INFO org.apache.catalina.startup.Catalina -
Server startup in 235096 ms

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Is LDAP connection failing?

Posted by Suvendu Sekhar Mondal <su...@gmail.com>.
On Wed, Apr 11, 2018, 3:00 PM Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

> On 05.04.2018 15:32, Suvendu Sekhar Mondal wrote:
> > Hello Everyone,
> >
> > Recently in one of our environments I am seeing the following log in
> > Catalina.out. It seems that the LDAP connection is failing. This issue is
> > sporadic and goes away with a Tomcat recycle.
> >
> > One interesting thing is the "localhost:389" part. I could not find
> > any configuration related to that. It could be that I am not
> > looking in the correct place.
> >
> > We have 200+ JVMs out there which were starting up simultaneously, but
> > this happens for some of them sporadically. I suspect that some race
> > condition might be causing this failure but could not find any
> > evidence so far. Can someone please suggest how I can identify what is
> > failing, and why it is failing?
>
> It would be nice to include the version of Tomcat you are using.
> (I am guessing it is something like 7.0.55, as the source code matches
> the line numbers in the stacktrace.)
>

Felix,

Sorry, I should have given that info upfront. You are correct. I'm using
7.0.55.

> If it is this version, then the message will be generated when your
> LDAP server configured by connectionURL is not reachable on startup.
> Tomcat will try to connect to the LDAP server configured by
> alternateURL. It seems to me that you have not configured one (again
> guessing, as you didn't give configuration details). In that case the
> JRE is using localhost:389, and as there is no LDAP server listening
> you get the exception.
>

You are right. We don't have any alternate URL configured. So the workaround
we are using is to start those JVMs in batches. We are working on tuning
LDAP as well as getting an alternate URL.

Thank you for the lead. Appreciate it! :)

>
> Regards,
>   Felix

Re: Is LDAP connection failing?

Posted by Felix Schumacher <fe...@internetallee.de>.
On 05.04.2018 15:32, Suvendu Sekhar Mondal wrote:
> Hello Everyone,
> 
> Recently in one of our environments I am seeing the following log in
> Catalina.out. It seems that the LDAP connection is failing. This issue is
> sporadic and goes away with a Tomcat recycle.
> 
> One interesting thing is the "localhost:389" part. I could not find
> any configuration related to that. It could be that I am not
> looking in the correct place.
> 
> We have 200+ JVMs out there which were starting up simultaneously, but
> this happens for some of them sporadically. I suspect that some race
> condition might be causing this failure but could not find any
> evidence so far. Can someone please suggest how I can identify what is
> failing, and why it is failing?

It would be nice to include the version of Tomcat you are using.
(I am guessing it is something like 7.0.55, as the source code matches
the line numbers in the stacktrace.)

If it is this version, then the message will be generated when your
LDAP server configured by connectionURL is not reachable on startup.
Tomcat will try to connect to the LDAP server configured by
alternateURL. It seems to me that you have not configured one (again
guessing, as you didn't give configuration details). In that case the
JRE is using localhost:389, and as there is no LDAP server listening
you get the exception.

Regards,
  Felix
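
Added example, not part of the thread and not Tomcat code: a log triage script that, following the explanation above, separates JNDIRealm start failures whose connection target is the JRE default localhost:389 from failures against a configured server. The sample log is constructed from the trace in this thread, and ldap.example.internal:636 is a placeholder for the host in connectionURL.

```python
import re
from collections import Counter

# Constructed sample (not from a real system), modelled on the trace in this
# thread with each log record unwrapped onto one line. The second failure and
# the host ldap.example.internal are invented for illustration.
SAMPLE_LOG = """\
2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
org.apache.catalina.LifecycleException: Failed to start component [Realm[JNDIRealm]]
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
Caused by: org.apache.catalina.LifecycleException: Exception opening directory server connection
Caused by: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
Caused by: java.net.ConnectException: Connection refused: connect
2018-04-02 20:34:35,091 INFO org.apache.catalina.startup.Catalina - Server startup in 235096 ms
2018-04-02 20:41:02,118 SEVERE org.apache.catalina.realm.CombinedRealm - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
Caused by: javax.naming.CommunicationException: ldap.example.internal:636 [Root exception is java.net.SocketTimeoutException: connect timed out]
"""

# A timestamped line opens a new log record: timestamp, level, message.
RECORD_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+) (.*)$")
REALM_FAILURE = 'Failed to start "org.apache.catalina.realm.JNDIRealm'
# host:port the LDAP provider tried, plus the root exception class if present.
COMM_EXCEPTION = re.compile(
    r"^Caused by: javax\.naming\.CommunicationException: (\S+:\d+)"
    r"(?: \[Root exception is ([\w.$]+))?"
)
JRE_DEFAULT_TARGET = "localhost:389"


def parse_realm_failures(log_text):
    """Return one dict per JNDIRealm start failure found in the log text."""
    events, current = [], None
    for line in log_text.splitlines():
        start = RECORD_START.match(line)
        if start:
            # Any new record ends the previous stack trace.
            current = None
            if start.group(2) == "SEVERE" and REALM_FAILURE in start.group(3):
                current = {"time": start.group(1), "target": None, "root": None}
                events.append(current)
            continue
        hit = COMM_EXCEPTION.match(line.strip())
        if current is not None and hit and current["target"] is None:
            current["target"], current["root"] = hit.group(1), hit.group(2)
    return events


def classify(event, configured_targets):
    """Label a failure by where the failing connection attempt was aimed."""
    target = event["target"]
    if target is None:
        return "no-connection-error-found"
    if target in configured_targets:
        # Covers the case where localhost:389 really is the configured server.
        return "configured-server-unreachable"
    if target == JRE_DEFAULT_TARGET:
        # No URL was supplied for this attempt, so the JRE default was used.
        return "fallback-to-jre-default"
    return "unexpected-target"


def summarize(log_text, configured_targets):
    """Count failures per label for one catalina.out."""
    events = parse_realm_failures(log_text)
    return Counter(classify(e, configured_targets) for e in events)


if __name__ == "__main__":
    for label, count in summarize(SAMPLE_LOG, {"ldap.example.internal:636"}).items():
        print(f"{count:3d}  {label}")
```

Run over the catalina.out of each instance, the "fallback-to-jre-default" count shows which JVMs failed on the second attempt without a URL rather than on the configured server itself.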



Re: Is LDAP connection failing?

Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Felix,

Thanks for your feedback!

Actually I realized that with userPattern I do not need to declare either
userBase or userSubtree.

roleSubtree="true", indeed! Nevertheless, with "1" it was working for me
anyway...

Cheers,

Luis

2018-04-11 11:32 GMT+02:00 Felix Schumacher <
felix.schumacher@internetallee.de>:

> Hi Luis,
>
>
> On 05.04.2018 18:50, Luis Rodríguez Fernández wrote:
>
>> Hello Suvendu,
>>
>> May I ask you to share your JNDIRealm configuration?
>>
>> For me something like this works:
>>
>>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>>      connectionURL="ldaps://my.users.directory.com:636"
>>      connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      connectionPassword="PASSWORD"
>>      userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      userSubtree="false"
>>      userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>      roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
>>      roleSubtree="1"
>>      roleName="cn"
>>      roleSearch="(&amp;(member={0})(objectclass=group))"
>> />
>>
>
> You are using userPattern to find users. In that case the userSubtree
> configuration will be ignored. roleSubtree should be either "true" or "false".
>
> Regards,
>  Felix
>
>
>
>> Hope it helps,
>>
>> Luis


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Re: Is LDAP connection failing?

Posted by Felix Schumacher <fe...@internetallee.de>.
Hi Luis,


On 05.04.2018 18:50, Luis Rodríguez Fernández wrote:
> Hello Suvendu,
> 
> May I ask you to share your JNDIRealm configuration?
> 
> For me something like this works:
> 
>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>      connectionURL="ldaps://my.users.directory.com:636"
>      connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
>      connectionPassword="PASSWORD"
>      userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
>      userSubtree="false"
>      userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
>      roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
>      roleSubtree="1"
>      roleName="cn"
>      roleSearch="(&amp;(member={0})(objectclass=group))"
> />

You are using userPattern to find users. In that case the userSubtree
configuration will be ignored. roleSubtree should be either "true" or "false".

Regards,
  Felix
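
Added example, not part of the thread and not Tomcat code: a small checker for JNDIRealm elements that reports the three configuration points raised in this thread (no alternateURL, user search attributes that are unused once userPattern is set, and a roleSubtree value other than "true" or "false"). The first sample is the realm as posted above; the revised sample and its alternateURL host my.backup.directory.com are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# The realm as posted in this thread (values are the poster's placeholders).
SAMPLE_AS_POSTED = """\
<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://my.users.directory.com:636"
    connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
    connectionPassword="PASSWORD"
    userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
    userSubtree="false"
    userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
    roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
    roleSubtree="1"
    roleName="cn"
    roleSearch="(&amp;(member={0})(objectclass=group))" />
"""

# Constructed revision: alternateURL added (hypothetical second host), the
# unused user search attributes dropped, roleSubtree given as a boolean.
SAMPLE_REVISED = """\
<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://my.users.directory.com:636"
    alternateURL="ldaps://my.backup.directory.com:636"
    connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
    connectionPassword="PASSWORD"
    userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
    roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
    roleSubtree="true"
    roleName="cn"
    roleSearch="(&amp;(member={0})(objectclass=group))" />
"""


def lint_jndi_realms(xml_text):
    """Return (attribute, message) findings for every JNDIRealm in the XML.

    iter() visits the root and all descendants, so a JNDIRealm nested inside
    a CombinedRealm (as in the original poster's stack trace) is checked too.
    """
    findings = []
    for realm in ET.fromstring(xml_text).iter("Realm"):
        if realm.get("className") != JNDI_REALM:
            continue
        attrs = realm.attrib

        # Per the thread: with no alternateURL, the second connection attempt
        # has no URL and the JRE uses localhost:389.
        if "connectionURL" in attrs and "alternateURL" not in attrs:
            findings.append((
                "alternateURL",
                "not set; a failed connectionURL attempt falls back to localhost:389",
            ))

        # Per the thread: userPattern makes the user search settings unused.
        if "userPattern" in attrs:
            for name in ("userBase", "userSubtree"):
                if name in attrs:
                    findings.append((name, "unused because userPattern is set"))

        # Per the thread: roleSubtree should be either "true" or "false".
        value = attrs.get("roleSubtree")
        if value is not None and value not in ("true", "false"):
            findings.append(("roleSubtree", f'value "{value}" is not "true" or "false"'))
    return findings


if __name__ == "__main__":
    for attribute, message in lint_jndi_realms(SAMPLE_AS_POSTED):
        print(f"{attribute}: {message}")
```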

> 
> Hope it helps,
> 
> Luis
> 
> 
> 
> 
> 
> 
> 
> 
> 2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal <su...@gmail.com>:
> 
>> Hello Everyone,
>> 
>> Recently in one of our environments I am seeing following log in
>> Catalina.out. It seems that LDAP connection is failing. This issue is
>> sporadic and goes away with Tomcat recycle.
>> 
>> One interesting thing is "localhost:389" part. I could not find out
>> any configuration related to that. It could happen that I am not
>> looking at the correct place.
>> 
>> We have 200+ JVMs out there which were starting up simultaneously but
>> this happens for some of them sporadically. I suspect that some race
>> condition might be causing this failure but could not found any
>> evidence so far. Can someone please suggest how can I identify what is
>> failing? and why it is failing?
>> 
>> Thanks!
>> Suvendu
>> 
>> Stack trace:
>> 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig -
>> Deploying web application directory D:\xxx\webapps\ROOT
>> 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm
>> - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
>> org.apache.catalina.LifecycleException: Failed to start component
>> [Realm[JNDIRealm]]
>>      at org.apache.catalina.util.LifecycleBase.start(
>> LifecycleBase.java:154)
>>      at org.apache.catalina.realm.CombinedRealm.startInternal(
>> CombinedRealm.java:201)
>>      at org.apache.catalina.util.LifecycleBase.start(
>> LifecycleBase.java:150)
>>      at org.apache.catalina.core.StandardContext.startInternal(
>> StandardContext.java:5373)
>>      at org.apache.catalina.util.LifecycleBase.start(
>> LifecycleBase.java:150)
>>      at org.apache.catalina.core.ContainerBase.addChildInternal(
>> ContainerBase.java:901)
>>      at org.apache.catalina.core.ContainerBase.addChild(
>> ContainerBase.java:877)
>>      at org.apache.catalina.core.StandardHost.addChild(
>> StandardHost.java:649)
>>      at org.apache.catalina.startup.HostConfig.deployDirectory(
>> HostConfig.java:1247)
>>      at org.apache.catalina.startup.HostConfig$DeployDirectory.
>> run(HostConfig.java:1898)
>>      at java.util.concurrent.Executors$RunnableAdapter.
>> call(Executors.java:511)
>>      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>      at java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1142)
>>      at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:617)
>>      at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.apache.catalina.LifecycleException: Exception opening
>> directory server connection
>>      at org.apache.catalina.realm.JNDIRealm.startInternal(
>> JNDIRealm.java:2191)
>>      at org.apache.catalina.util.LifecycleBase.start(
>> LifecycleBase.java:150)
>>      ... 14 more
>> Caused by: javax.naming.CommunicationException: localhost:389 [Root
>> exception is java.net.ConnectException: Connection refused: connect]
>>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
>>      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
>>      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
>>      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
>>      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
>>      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
>> LdapCtxFactory.java:70)
>>      at javax.naming.spi.NamingManager.getInitialContext(
>> NamingManager.java:684)
>>      at javax.naming.InitialContext.getDefaultInitCtx(
>> InitialContext.java:313)
>>      at javax.naming.InitialContext.init(InitialContext.java:244)
>>      at javax.naming.InitialContext.<init>(InitialContext.java:216)
>>      at javax.naming.directory.InitialDirContext.<init>(
>> InitialDirContext.java:101)
>>      at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108)
>>      at org.apache.catalina.realm.JNDIRealm.startInternal(
>> JNDIRealm.java:2189)
>>      ... 15 more
>> Caused by: java.net.ConnectException: Connection refused: connect
>>      at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
>>      at java.net.AbstractPlainSocketImpl.doConnect(
>> AbstractPlainSocketImpl.java:350)
>>      at java.net.AbstractPlainSocketImpl.connectToAddress(
>> AbstractPlainSocketImpl.java:206)
>>      at java.net.AbstractPlainSocketImpl.connect(
>> AbstractPlainSocketImpl.java:188)
>>      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
>>      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>>      at java.net.Socket.connect(Socket.java:589)
>>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>      at sun.reflect.NativeMethodAccessorImpl.invoke(
>> NativeMethodAccessorImpl.java:62)
>>      at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAccessorImpl.java:43)
>>      at java.lang.reflect.Method.invoke(Method.java:498)
>>      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
>>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
>>      ... 27 more
>> 
>> 2018-04-02 20:34:35,059 INFO org.apache.catalina.startup.HostConfig -
>> Deployment of web application directory D:\xxx\webapps\ROOT has
>> finished in 7,766 ms
>> 2018-04-02 20:34:35,075 INFO
>> org.apache.coyote.http11.Http11AprProtocol - Starting ProtocolHandler
>> ["http-apr-18110"]
>> 2018-04-02 20:34:35,091 INFO org.apache.coyote.ajp.AjpAprProtocol -
>> Starting ProtocolHandler ["ajp-apr-18111"]
>> 2018-04-02 20:34:35,091 INFO org.apache.catalina.startup.Catalina -
>> Server startup in 235096 ms
>> 

Re: Is LDAP connection failing?

Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Suvendu,

May I ask you to share your JNDIRealm configuration?

For me something like this works:

 <Realm className="org.apache.catalina.realm.JNDIRealm"
     connectionURL="ldaps://my.users.directory.com:636"
     connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic Units,DC=cern,DC=ch"
     connectionPassword="PASSWORD"
     userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
     userSubtree="false"
     userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
     roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=Workgroups,DC=cern,DC=ch"
     roleSubtree="1"
     roleName="cn"
     roleSearch="(&amp;(member={0})(objectclass=group))"
 />

Hope it helps,

Luis

2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal <su...@gmail.com>:

> Hello Everyone,
>
> Recently in one of our environments I am seeing the following log in
> Catalina.out. It seems that LDAP connection is failing. This issue is
> sporadic and goes away with Tomcat recycle.
>
> One interesting thing is "localhost:389" part. I could not find out
> any configuration related to that. It could happen that I am not
> looking at the correct place.
>
> We have 200+ JVMs out there which were starting up simultaneously but
> this happens for some of them sporadically. I suspect that some race
> condition might be causing this failure but could not find any
> evidence so far. Can someone please suggest how I can identify what is
> failing and why it is failing?
>
> Thanks!
> Suvendu
>
> Stack trace:
> 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig -
> Deploying web application directory D:\xxx\webapps\ROOT
> 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm
> - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
> org.apache.catalina.LifecycleException: Failed to start component
> [Realm[JNDIRealm]]
>      at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:154)
>      at org.apache.catalina.realm.CombinedRealm.startInternal(
> CombinedRealm.java:201)
>      at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>      at org.apache.catalina.core.StandardContext.startInternal(
> StandardContext.java:5373)
>      at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>      at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:901)
>      at org.apache.catalina.core.ContainerBase.addChild(
> ContainerBase.java:877)
>      at org.apache.catalina.core.StandardHost.addChild(
> StandardHost.java:649)
>      at org.apache.catalina.startup.HostConfig.deployDirectory(
> HostConfig.java:1247)
>      at org.apache.catalina.startup.HostConfig$DeployDirectory.
> run(HostConfig.java:1898)
>      at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
>      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>      at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>      at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>      at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.catalina.LifecycleException: Exception opening
> directory server connection
>      at org.apache.catalina.realm.JNDIRealm.startInternal(
> JNDIRealm.java:2191)
>      at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>      ... 14 more
> Caused by: javax.naming.CommunicationException: localhost:389 [Root
> exception is java.net.ConnectException: Connection refused: connect]
>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
>      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
>      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
>      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
>      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
>      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
> LdapCtxFactory.java:70)
>      at javax.naming.spi.NamingManager.getInitialContext(
> NamingManager.java:684)
>      at javax.naming.InitialContext.getDefaultInitCtx(
> InitialContext.java:313)
>      at javax.naming.InitialContext.init(InitialContext.java:244)
>      at javax.naming.InitialContext.<init>(InitialContext.java:216)
>      at javax.naming.directory.InitialDirContext.<init>(
> InitialDirContext.java:101)
>      at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108)
>      at org.apache.catalina.realm.JNDIRealm.startInternal(
> JNDIRealm.java:2189)
>      ... 15 more
> Caused by: java.net.ConnectException: Connection refused: connect
>      at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
>      at java.net.AbstractPlainSocketImpl.doConnect(
> AbstractPlainSocketImpl.java:350)
>      at java.net.AbstractPlainSocketImpl.connectToAddress(
> AbstractPlainSocketImpl.java:206)
>      at java.net.AbstractPlainSocketImpl.connect(
> AbstractPlainSocketImpl.java:188)
>      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
>      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>      at java.net.Socket.connect(Socket.java:589)
>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>      at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>      at java.lang.reflect.Method.invoke(Method.java:498)
>      at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
>      at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
>      ... 27 more
>
> 2018-04-02 20:34:35,059 INFO org.apache.catalina.startup.HostConfig -
> Deployment of web application directory D:\xxx\webapps\ROOT has
> finished in 7,766 ms
> 2018-04-02 20:34:35,075 INFO
> org.apache.coyote.http11.Http11AprProtocol - Starting ProtocolHandler
> ["http-apr-18110"]
> 2018-04-02 20:34:35,091 INFO org.apache.coyote.ajp.AjpAprProtocol -
> Starting ProtocolHandler ["ajp-apr-18111"]
> 2018-04-02 20:34:35,091 INFO org.apache.catalina.startup.Catalina -
> Server startup in 235096 ms
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
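
The trace in this thread ends at localhost:389, which is the endpoint the JDK's LDAP provider uses when it is handed no provider URL, so the realm configuration is worth checking for a missing connectionURL. As an added example (not part of the thread and not Tomcat code), this Python script lists every JNDIRealm in a server.xml-style document with the endpoint it would effectively connect to; the sample XML, the example.org names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample (not the poster's file): a CombinedRealm holding a JNDIRealm
# with no connectionURL, one modelled on the reply above, and a plain-ldap one.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.CombinedRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           userPattern="cn={0},OU=Users,DC=example,DC=org"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://my.users.directory.com:636"
           userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm" connectionPassword="x"
           connectionURL="ldap://ldap.example.org:389"/>
  </Realm>
</Engine></Service></Server>
"""

def effective_endpoint(url):
    """Return (scheme, host, port); a missing URL or host means localhost."""
    parts = urlsplit((url or "").strip())
    scheme = parts.scheme.lower() or "ldap"
    port = parts.port or (636 if scheme == "ldaps" else 389)
    return (scheme, parts.hostname or "localhost", port)

def audit_realms(xml_text):
    """Return [(endpoint, findings)] for every JNDIRealm, nested ones included."""
    results = []
    realms = [e for e in ET.fromstring(xml_text).iter("Realm")
              if e.get("className") == JNDI_REALM]
    for realm in realms:
        url = (realm.get("connectionURL") or "").strip()
        scheme, host, port = effective_endpoint(url)
        findings = []
        if not url:
            findings.append("connectionURL missing: provider uses localhost:389")
        elif host in ("localhost", "127.0.0.1", "::1"):
            findings.append("connectionURL resolves to the local machine")
        if scheme == "ldap" and realm.get("connectionPassword"):
            findings.append("ldap:// bind is cleartext unless StartTLS is enabled")
        results.append((f"{scheme}://{host}:{port}", findings))
    return results

if __name__ == "__main__":
    for endpoint, findings in audit_realms(SAMPLE_SERVER_XML):
        print(endpoint, findings or "ok")
```

Run against the server.xml and context.xml files of an instance that fails and one that starts cleanly, a difference in the reported endpoints narrows the search to configuration rather than the directory server.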