You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by William Stranathan <sh...@gmail.com> on 2005/03/19 16:04:59 UTC

JNDI Realm Disconnect Issues

I opened a bug several weeks ago and have seen no traffic on it, and
have posted to the user list twice with no answer, so I'll try here. 
I apologize for mis-posting if I have.

I opened a bug on this a couple of weeks ago, but it hasn't been
touched.  Maybe other folks have seen this behavior...

I'm using the LDAP realm for AAA in my application.  However, the LDAP
server it connects to drops stale sessions after a pretty short time.
Evidently, Tomcat tries to keep connections open so it doesn't have to
connect later on.  Unfortunately, this causes authentication failures
because the host it wants to connect with is no longer there (er...the
connection isn't, anyhow).  After one failure, Tomcat drops the
connection, the user tries again, and gets in.  But 5 minutes later,
the next user will have to try again.

Here's the stack trace that get's logged:

2005-03-11 08:33:47 JNDIRealm[/iso]:   Searching for billybob
2005-03-11 08:33:47 JNDIRealm[/iso]:   base:
ou=users,dc=mycompany,dc=com  filter:
(&(objectClass=appUser)(uid=billybob))
2005-03-11 08:33:47 JNDIRealm[/iso]: Exception performing authentication
javax.naming.CommunicationException: Request: 7 cancelled; remaining
name 'ou=users,dc=mycompany,dc=com'
      at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)
      at com.sun.jndi.ldap.Connection.readReply(Connection.java:405)
      at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
      at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
      at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1944)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1806)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
      at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
      at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1074)
      at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:967)
      at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:916)
      at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:809)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
      at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
      at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
      at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
      at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
      at java.lang.Thread.run(Thread.java:595)

2005-03-11 08:33:47 JNDIRealm[/iso]: Closing directory context

Any magic undocumented setting that will work around this?

Thanks,
Will

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org