LDAP authentication (broken?) in 5.5.17 vs 5.5.9

[Patricia Goldweic <pg...@northwestern.edu>]

Hi,
I have an application that when run under Tomcat 5.5.9, behaves 
nicely in terms of LDAP authentication. However, when I move this 
application to Tomcat 5.5.17, authentication is broken (I am 
presented with the username/password screen from Tomcat, but it is as 
if Tomcat never connects to the ldap server, and so it keeps 
presenting me the same login dialog over and over).
My details are as follows: I am using a configuration file for this 
webapp that lives under conf/localhost, and that contains the following:
><?xml version='1.0' encoding='utf-8'?>
><Context workDir="work/Catalina/localhost/musictest" 
>path="/musictest" 
>docBase="/usr/local/music-tomcat/apache-tomcat-5.5.17/webapps/musictest">
>  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>           connectionName="<my-connection-name>"
>           connectionPassword="<my-connection-password>"
>           connectionURL="<my-connection-url>"
>           userPattern="<my-connection-user-pattern>"
>  />
></Context>

The only possibly-related error message that I see in the logs, is at 
the top of the 'localhost.<date>.log' file, and which reads:
>WARNING: Exception performing authentication
>javax.naming.CommunicationException: connection closed [Root 
>exception is java.io.IOException: connection closed]; remaining name 
>'uid=pgo586,ou=people,dc=northwestern,dc=edu'
>         at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1961)
>         at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1893)
>         at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1286)
>         at 
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
>         at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
>         at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
>         at 
> javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:123)
>         at 
> org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:992)
>         at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:956)
>         at 
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:882)
>         at 
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:808)
>         at 
> org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180)
>         at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
>         at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>         at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>         at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>         at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>         at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>         at 
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>         at 
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>         at 
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>         at 
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>         at java.lang.Thread.run(Thread.java:595)
>Caused by: java.io.IOException: connection closed
>         at com.sun.jndi.ldap.LdapClient.ensureOpen(LdapClient.java:1558)
>         at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:504)
>         at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1944)
>         ... 22 more

The rest of the file has no warnings or error messages as I 
repeatedly try to login using the Tomcat login dialog. Please note 
that with an exact same configuration, it all works well under Tomcat 5.5.9.

Can somebody suggest what the problem could be here? Or, is there an 
ldap-related bug in Tomcat 5.5.17 that can explain this behavior?
At the time, I decided to stick with Tomcat 5.5.9 for another while, 
but this is obviously not a long term solution :-( :-(

Thanks in advance for any help,
-Patricia


Patricia Goldweic
pgoldweic@northwestern.edu 



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org