LDAP Realm Issues

2005-03-17 Thread William Stranathan
I apologize for posting this again - I just didn't hear anything (a
lot of spirited discussions going on at the time) and wanted to give
this one more shot here before sending to the developer list.

I opened a bug on this a couple of weeks ago, but it hasn't been
touched.  Maybe other folks have seen this behavior...

I'm using the LDAP realm for AAA in my application.  However, the LDAP
server it connects to drops stale sessions after a pretty short time.
Evidently, Tomcat tries to keep connections open so it doesn't have to
connect later on.  Unfortunately, this causes authentication failures
because the host it wants to connect with is no longer there (er...the
connection isn't, anyhow).  After one failure, Tomcat drops the
connection, the user tries again, and gets in.  But 5 minutes later,
the next user will have to try again.

Here's the stack trace that gets logged:

2005-03-11 08:33:47 JNDIRealm[/iso]:   Searching for billybob
2005-03-11 08:33:47 JNDIRealm[/iso]:   base: ou=users,dc=mycompany,dc=com  filter: ((objectClass=appUser)(uid=billybob))
2005-03-11 08:33:47 JNDIRealm[/iso]: Exception performing authentication
javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'ou=users,dc=mycompany,dc=com'
   at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:405)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1944)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1806)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1074)
   at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:967)
   at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:916)
   at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:809)
   at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
   at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
   at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
   at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
   at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
   at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
   at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
   at java.lang.Thread.run(Thread.java:595)

2005-03-11 08:33:47 JNDIRealm[/iso]: Closing directory context

Any magic undocumented setting that will work around this?

Thanks,
Will
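
An added example, not part of the original post and not Tomcat's own code: one way a realm-style client can recover from the stale connection described above, by treating `CommunicationException` as a transport failure, discarding the cached connection and retrying the lookup once. The `Directory` and `Opener` interfaces, `FakeConnection` and the returned DN are constructed for illustration so the class runs without an LDAP server.

```java
import javax.naming.CommunicationException;
import javax.naming.NamingException;

public class StaleContextRetry {
    /** Hypothetical stand-in for the realm's cached directory connection. */
    interface Directory {
        String findUserDn(String uid) throws NamingException;
        void close();
    }
    interface Opener { Directory open() throws NamingException; }

    private final Opener opener;
    private Directory cached;

    StaleContextRetry(Opener opener) { this.opener = opener; }

    synchronized String findUserDn(String uid) throws NamingException {
        try {
            return current().findUserDn(uid);
        } catch (CommunicationException stale) {
            // Transport failure only: the user's credentials were never checked.
            // Other NamingExceptions (e.g. AuthenticationException) are not
            // retried, so a bad password still fails exactly once.
            if (cached != null) cached.close();
            cached = null;
            return current().findUserDn(uid); // a second failure propagates
        }
    }

    private Directory current() throws NamingException {
        if (cached == null) cached = opener.open();
        return cached;
    }

    /** Constructed simulation of a connection the server drops after idling. */
    static final class FakeConnection implements Directory {
        boolean droppedByServer;
        public String findUserDn(String uid) throws NamingException {
            if (droppedByServer) throw new CommunicationException("Request: 7 cancelled");
            return "uid=" + uid + ",ou=users,dc=mycompany,dc=com"; // constructed DN
        }
        public void close() { }
    }

    public static void main(String[] args) throws NamingException {
        FakeConnection[] last = new FakeConnection[1];
        StaleContextRetry realm = new StaleContextRetry(() -> last[0] = new FakeConnection());
        System.out.println(realm.findUserDn("billybob")); // first login opens a connection
        last[0].droppedByServer = true;                    // server times out the idle session
        System.out.println(realm.findUserDn("billybob")); // retried on a fresh connection
    }
}
```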




LDAP Realm issues

2005-03-14 Thread William Stranathan
I opened a bug on this a couple of weeks ago, but it hasn't been
touched.  Maybe other folks have seen this behavior...

I'm using the LDAP realm for AAA in my application.  However, the LDAP
server it connects to drops stale sessions after a pretty short time. 
Evidently, Tomcat tries to keep connections open so it doesn't have to
connect later on.  Unfortunately, this causes authentication failures
because the host it wants to connect with is no longer there (er...the
connection isn't, anyhow).  After one failure, Tomcat drops the
connection, the user tries again, and gets in.  But 5 minutes later,
the next user will have to try again.

Here's the stack trace that gets logged:

2005-03-11 08:33:47 JNDIRealm[/iso]:   Searching for billybob
2005-03-11 08:33:47 JNDIRealm[/iso]:   base: ou=users,dc=mycompany,dc=com  filter: ((objectClass=appUser)(uid=billybob))
2005-03-11 08:33:47 JNDIRealm[/iso]: Exception performing authentication
javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'ou=users,dc=mycompany,dc=com'
   at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:405)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1944)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1806)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1074)
   at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:967)
   at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:916)
   at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:809)
   at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
   at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
   at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
   at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
   at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
   at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
   at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
   at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
   at java.lang.Thread.run(Thread.java:595)

2005-03-11 08:33:47 JNDIRealm[/iso]: Closing directory context

Any magic undocumented setting that will work around this?

Thanks,
Will
