Posted to users@tomcat.apache.org by Phill Perryman <ph...@alstonelane.com> on 2013/12/13 16:18:20 UTC

LDAP Authentication Failure

I have set up the following authentication to the ldap server. I can log
into this server using the LdapAdmin browser ok.

Running 7.0.34 (I think it's 34 but I can't bring the server up at the
moment)

I am getting a stack trace

Dec 13, 2013 1:56:35 PM org.apache.catalina.realm.JNDIRealm open
WARNING: Exception performing authentication
javax.naming.CommunicationException: localhost:389 [Root exception is
java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)

I am not connecting to localhost so I don't understand the message. None
of the other files in conf have been touched.

I tried searching and found lots of references but no real solutions.

 <Engine name="Catalina" defaultHost="localhost">
       <Host name="localhost"  appBase="webapps" unpackWARs="true"
autoDeploy="true">
 <Realm className="org.apache.catalina.realm.JNDIRealm">
 debug="99"
 connectionName="cn=xxx,o=mitelinternet"
 connectionPassword="xxx"
 connectionURL="ldap://ottedev02.mitel.com:389"
 alternateURL="ldap://ottedev02.mitel.com:389"
 userPattern="uid={0},o=mitelinternet"
 roleBase="o=mitelinternet"
 roleSubtree="true"
 roleSearch="(member={0})"
 roleName="cn"
 </Realm>


Regards, Phill

RE: LDAP Authentication Failure

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: André Warnier [mailto:aw@ice-sa.com] 
> Subject: Re: LDAP Authentication Failure

> That's because you have :

> <Realm className="org.apache.catalina.realm.JNDIRealm">
> ... text ...
> </Realm>

> So in fact <Realm> has one attribute ("className"), but not the other 
> ones that you thought it has.

And while the OP is fixing that, he should also remove the debug= attribute, since that hasn't been used in about a decade.

 - Chuck




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: LDAP Authentication Failure

Posted by André Warnier <aw...@ice-sa.com>.
Cédric Couralet wrote:
...
> 
> Is it really the definition that you have in server.xml or is it a typo?
> As it is written, the Realm has no attribute which may explain the
> localhost in the message (default in JNDI).
> 

and Cedric means :
 > Is it really the definition that you have in server.xml or is it a typo?
 > As it is written the Realm has no attribute, (comma)
 > which may explain the
 > localhost in the message (default in JNDI).

That's because you have :

<Realm className="org.apache.catalina.realm.JNDIRealm">
... text ...
</Realm>

So in fact <Realm> has one attribute ("className"), but not the other ones that you 
thought it has.

(By the way, that was still a good catch from Cedric.  I had to re-read the whole thing at 
least 3 times before I saw it myself and understood what he meant.)




Re: LDAP Authentication Failure

Posted by Phill <ph...@alstonelane.com>.
Thanks, I have been staring at it for ages. The > is a massive typo.

I had the debug as it is included in lots of examples dated 2012+

I will remove it.

No wonder the changes I was making seemed to have no effect.

Sent from my iPad

On 13 Dec 2013, at 16:07, Cédric Couralet <ce...@gmail.com> wrote:

> 2013/12/13 Phill Perryman <ph...@alstonelane.com>:
>> I have set up the following authentication to the ldap server. I can log
>> into this server using the LdapAdmin browser ok.
>> 
>> Running 7.0.34 (I think it's 34 but I can't bring the server up at the
>> moment)
>> 
>> I am getting a stack trace
>> 
>> Dec 13, 2013 1:56:35 PM org.apache.catalina.realm.JNDIRealm open
>> WARNING: Exception performing authentication
>> javax.naming.CommunicationException: localhost:389 [Root exception is
>> java.net.ConnectException: Connection refused: connect]
>> at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
>> 
> 
> Does the authentication fail at the time of this warning? It may
> happen that the connection is finished on the ldap server when tomcat
> tries to authenticate the user, but tomcat should retry anyway after
> this message (which has an INFO level in recent versions)
> 
>> I am not connecting to localhost so I don't understand the message. None
>> of the other files in conf have been touched.
>> 
>> I tried searching and found lots of references but no real solutions.
>> 
>> <Engine name="Catalina" defaultHost="localhost">
>>       <Host name="localhost"  appBase="webapps" unpackWARs="true"
>> autoDeploy="true">
>> <Realm className="org.apache.catalina.realm.JNDIRealm">
>> debug="99"
>> connectionName="cn=xxx,o=mitelinternet"
>> connectionPassword="xxx"
>> connectionURL="ldap://ottedev02.mitel.com:389"
>> alternateURL="ldap://ottedev02.mitel.com:389"
>> userPattern="uid={0},o=mitelinternet"
>> roleBase="o=mitelinternet"
>> roleSubtree="true"
>> roleSearch="(member={0})"
>> roleName="cn"
>> </Realm>
>> 
> 
> Is it really the definition that you have in server.xml or is it a typo?
> As it is written, the Realm has no attribute which may explain the
> localhost in the message (default in JNDI).
> 
> Maybe you meant:
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> debug="99"
>> connectionName="cn=xxx,o=mitelinternet"
>> connectionPassword="xxx"
>> connectionURL="ldap://ottedev02.mitel.com:389"
>> alternateURL="ldap://ottedev02.mitel.com:389"
>> userPattern="uid={0},o=mitelinternet"
>> roleBase="o=mitelinternet"
>> roleSubtree="true"
>> roleSearch="(member={0})"
>> roleName="cn">
>> </Realm>
> 
> 



Re: LDAP Authentication Failure

Posted by Cédric Couralet <ce...@gmail.com>.
2013/12/13 Phill Perryman <ph...@alstonelane.com>:
> I have set up the following authentication to the ldap server. I can log
> into this server using the LdapAdmin browser ok.
>
> Running 7.0.34 (I think it's 34 but I can't bring the server up at the
> moment)
>
> I am getting a stack trace
>
> Dec 13, 2013 1:56:35 PM org.apache.catalina.realm.JNDIRealm open
> WARNING: Exception performing authentication
> javax.naming.CommunicationException: localhost:389 [Root exception is
> java.net.ConnectException: Connection refused: connect]
> at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
>

Does the authentication fail at the time of this warning? It may
happen that the connection is finished on the ldap server when tomcat
tries to authenticate the user, but tomcat should retry anyway after
this message (which has an INFO level in recent versions)

> I am not connecting to localhost so I don't understand the message. None
> of the other files in conf have been touched.
>
> I tried searching and found lots of references but no real solutions.
>
>  <Engine name="Catalina" defaultHost="localhost">
>        <Host name="localhost"  appBase="webapps" unpackWARs="true"
> autoDeploy="true">
>  <Realm className="org.apache.catalina.realm.JNDIRealm">
>  debug="99"
>  connectionName="cn=xxx,o=mitelinternet"
>  connectionPassword="xxx"
>  connectionURL="ldap://ottedev02.mitel.com:389"
>  alternateURL="ldap://ottedev02.mitel.com:389"
>  userPattern="uid={0},o=mitelinternet"
>  roleBase="o=mitelinternet"
>  roleSubtree="true"
>  roleSearch="(member={0})"
>  roleName="cn"
>  </Realm>
>

Is it really the definition that you have in server.xml or is it a typo?
As it is written, the Realm has no attribute which may explain the
localhost in the message (default in JNDI).

Maybe you meant:
>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>  debug="99"
>  connectionName="cn=xxx,o=mitelinternet"
>  connectionPassword="xxx"
>  connectionURL="ldap://ottedev02.mitel.com:389"
>  alternateURL="ldap://ottedev02.mitel.com:389"
>  userPattern="uid={0},o=mitelinternet"
>  roleBase="o=mitelinternet"
>  roleSubtree="true"
>  roleSearch="(member={0})"
>  roleName="cn">
>  </Realm>
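
The misplaced ">" discussed in this thread still leaves well-formed XML, so an XML parser accepts the file and the intended attributes end up as element text. The following Python check is an added example, not part of the original posts and not Tomcat code; the function name audit_realms and both sample documents (trimmed from the snippet in the thread) are constructed here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Realm as posted, with ">" closing the tag too early.
BROKEN = """<Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Realm className="org.apache.catalina.realm.JNDIRealm">
      connectionName="cn=xxx,o=mitelinternet"
      connectionURL="ldap://ottedev02.mitel.com:389"
      userPattern="uid={0},o=mitelinternet"
    </Realm>
  </Host>
</Engine>"""

# Constructed sample: the same Realm with ">" moved after the last attribute.
FIXED = """<Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionName="cn=xxx,o=mitelinternet"
      connectionURL="ldap://ottedev02.mitel.com:389"
      userPattern="uid={0},o=mitelinternet">
    </Realm>
  </Host>
</Engine>"""

# Captures only the name of a name="value" pair, so values such as
# connectionPassword are never echoed into the findings.
ATTR_LIKE = re.compile(r'([A-Za-z_][\w.-]*)\s*=\s*"[^"]*"')

def audit_realms(xml_text):
    """Return (className, problem) findings for every <Realm>, nested ones included."""
    findings = []
    for realm in ET.fromstring(xml_text).iter("Realm"):
        cls = realm.get("className", "?")
        # realm.text is the body right after <Realm ...>; attributes never belong there.
        stray = ATTR_LIKE.findall(realm.text or "")
        if stray:
            findings.append((cls, "attribute-like text in element body: " + ", ".join(stray)))
        # Per the thread, a JNDIRealm without its URL falls back to localhost.
        if cls.endswith("JNDIRealm") and not realm.get("connectionURL"):
            findings.append((cls, "no connectionURL attribute"))
    return findings

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_realms(doc))
```

Running it against a real conf/server.xml only requires passing the file's contents to audit_realms.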
