DO NOT REPLY [Bug 50775] New: JNDIRealm fails with ServiceUnavailableException and NotContextException

Mon, 14 Feb 2011 13:19:39 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=50775

           Summary: JNDIRealm fails with ServiceUnavailableException and
                    NotContextException
           Product: Tomcat 6
           Version: 6.0.29
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: d...@danshome.net
                CC: shi1w...@gmail.com
        Depends on: 33774


+++ This bug was initially created as a clone of Bug #33774 +++
JNDIRealm fails with ServiceUnavailableException and NotContextException

We are experiencing an issue very similar to the one reported in
https://issues.apache.org/bugzilla/show_bug.cgi?id=33774

After Tomcat is running for some period of time, any attempts to use the JNDI
Realm fail with a ServiceUnavailableException and NotContextException (see full
exception below).  A restart of Tomcat is required to fix the problem.  We only
see this issue on Linux (Linux details below). We are running the exact same
Tomcat binaries (not the native libraries of course) and configuration on
Windows 2003 R2 and AIX 5.3 and we don't see this issue. I added alternateURL
in hopes it might help, but the problem still exists.  

My JNDI Realm Definition:

      <Realm className="org.apache.catalina.realm.JNDIRealm"
        connectionURL="ldap://ldap01:389";
    alternateURL="ldap://ldap02:389";
        connectionName="uid=ldapbind,cn=Applications,cn=MYSCOPE"
        connectionPassword="********"
        userBase="cn=MYSCOPE"
        userSearch="(uid={0})"
        userSubtree="true"
        roleBase="cn=MYSCOPE"
        roleSearch="(uniqueMember={0})"
        roleSubtree="true"
        roleName="cn"
      />

Tomcat Version Information:

Feb 14, 2011 5:12:15 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
...
Feb 14, 2011 5:12:19 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
...
Feb 14, 2011 5:12:31 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29

Java Version Information:
[root@AS01 bin]# ./java -version
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) Server VM (build 17.1-b03, mixed mode)

Linux Version Information:
[root@AS01 ~]# cat /etc/redhat-release 
CentOS release 5.3 (Final)
[root@AS01 ~]# uname -a
Linux AS01.dev.local 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:19:18 EDT 2009 i686
i686 i386 GNU/Linux


Feb 14, 2011 2:17:12 PM org.apache.catalina.realm.JNDIRealm authenticate
WARNING: Exception performing authentication
javax.naming.ServiceUnavailableException: ldap01:389; socket closed; remaining
name 'cn=MYSCOPE'
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:419)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1340)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1147)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1089)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:947)
    at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
    at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
    at
org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:269)
    at
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:81)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
    at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
    at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
    at java.lang.Thread.run(Thread.java:662)
Feb 14, 2011 2:17:12 PM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.NotContextException: Not an instance of DirContext
    at
javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:92)
    at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1340)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1147)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1089)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:994)
    at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
    at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
    at
org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:269)
    at
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:81)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
    at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
    at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
    at java.lang.Thread.run(Thread.java:662)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to