I would start by looking at the logs of the AD server.
It seems the AD server has refused the connection, so maybe there is a
clearer error there.
I meant the errors you had when building commons for log4j (since you said
you couldn't build it).
Have you tried manually connecting to the AD server with a command-line LDAP
client?
Perhaps you can try to telnet to the address you connect to.
Since these errors do not yet make sense at this time, perhaps it is advisable
to run Wireshark on the AD server and perform a netstat to verify sockets
are listening as you would expect.
Are the Tomcat host and the AD server the same system (have you tried on
another system)? Windows has its quirks (not being able to connect to the
local IP, for example).
Regards,

Serge Fonville
On Tue, Oct 28, 2008 at 1:13 PM, Hisham Farahat <[EMAIL PROTECTED]> wrote:

> Ok, I used the normal logger with ALL messages showing out, here is the part
> of the log where the error occurred:
>
> Oct 28, 2008 2:21:07 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   Found role Infonet-Admins
> Oct 28, 2008 2:24:07 PM org.apache.catalina.core.StandardHostValve custom
> FINE: Processing ErrorPage[errorCode=401, location=/401.jsp]
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getUserBySearch
> FINER:   entry found for tomcat with dn CN=tomcat,CN=Users,DC=company,DC=com
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm bindAsUser
> FINER:   validating credentials by binding as the user
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm bindAsUser
> FINER:   binding as CN=tomcat,CN=Users,DC=company,DC=com
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm checkCredentials
> FINER: Username tomcat successfully authenticated
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   getRoles(CN=tomcat,CN=Users,DC=company,DC=com)
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm addAttributeValues
> FINER:   retrieving values for attribute description
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm addAttributeValues
> FINER:   retrieving values for attribute description
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm addAttributeValues
> FINER:   retrieving values for attribute description
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   Returning 3 roles
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   Found role admin
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   Found role manager
> Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> FINER:   Found role Infonet-Admins
> Oct 28, 2008 2:33:22 PM org.apache.catalina.core.ApplicationDispatcher doForward
> FINE:  Disabling the response for futher output
> Oct 28, 2008 2:33:26 PM org.apache.catalina.realm.JNDIRealm authenticate
> SEVERE: Exception performing authentication
> javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: company.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
>    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
>    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:992)
>    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:941)
>    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)
>    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
>    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
>    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>    at java.lang.Thread.run(Unknown Source)
> Caused by: javax.naming.CommunicationException: company.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
>    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
>    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>    ... 20 more
> Caused by: java.net.ConnectException: Connection refused: connect
>    at java.net.PlainSocketImpl.socketConnect(Native Method)
>    at java.net.PlainSocketImpl.doConnect(Unknown Source)
>    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
>    at java.net.PlainSocketImpl.connect(Unknown Source)
>    at java.net.SocksSocketImpl.connect(Unknown Source)
>    at java.net.Socket.connect(Unknown Source)
>    at java.net.Socket.connect(Unknown Source)
>    at java.net.Socket.<init>(Unknown Source)
>    at java.net.Socket.<init>(Unknown Source)
>    at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
>    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
>    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
>    at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
>    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
>    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
>    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
>    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
>    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(Unknown Source)
>    at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
>    at javax.naming.spi.NamingManager.processURL(Unknown Source)
>    at javax.naming.spi.NamingManager.processURLAddrs(Unknown Source)
>    at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
>    ... 23 more
> Oct 28, 2008 2:33:26 PM org.apache.catalina.realm.JNDIRealm close
> FINE: Closing directory context
> Oct 28, 2008 2:33:26 PM org.apache.catalina.core.ApplicationDispatcher doForward
> FINE:  Disabling the response for futher output
>
> The error 401 is very strange, because I did not access the system at that
> time.
>
> BTW the session expiration is 5 minutes.
>
> Please help me with this.
>
>
>
> On Tue, Oct 28, 2008 at 1:39 PM, Serge Fonville <[EMAIL PROTECTED]> wrote:
>
> > You can build it on Windows, since Ant for Windows can be downloaded the
> > same as for any other platform it is available for.
> > The fact that Tomcat was installed as a service has no impact on what can
> > and can't be loaded inside Tomcat,
> > since Tomcat loads its configuration file on startup and has all libraries
> > in its classpath available to it.
> > The rest can be found on the Tomcat website about logging (which you
> > clearly already found).
> >
> > Perhaps you got a specific error during building.
> > If so, what was it and what steps did you take (before, during, after)?
> >
> > Regards,
> >
> > Serge Fonville
> > On Tue, Oct 28, 2008 at 11:17 AM, Hisham Farahat <[EMAIL PROTECTED]> wrote:
> >
> > > I have used Softerra LDAP Admin and it worked while Tomcat did not.
> > >
> > > How can I increase the verbosity? I tried to configure log4j, but I could
> > > not build the extra component (extra.xml) because I'm on a Windows machine
> > > and I've installed Tomcat using the Windows service installer.
> > > Any ideas?
> > >
> > > Thanks for your help!!
> > >
> > > On Mon, Oct 27, 2008 at 1:13 PM, Serge Fonville <[EMAIL PROTECTED]> wrote:
> > >
> > > > Perhaps if you download Symas OpenLDAP 2.3 (CDS v3) Silver Edition
> > > > (requires registration) (an LDAP server for Windows), you can use the
> > > > accompanying utilities to try and do the same as Tomcat does. That way you
> > > > can try to determine if there is anything related to the configuration
> > > > that is incorrect.
> > > > Also, if you increase the verbosity of the logging
> > > > <http://tomcat.apache.org/tomcat-6.0-doc/logging.html> you might
> > > > be able to determine what exactly went wrong.
> > > >
> > > > Hope this helps
> > > >
> > > > Regards,
> > > >
> > > > Serge Fonville
> > > >
> > > >
> > > > On Mon, Oct 27, 2008 at 10:33 AM, Hisham Farahat <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > It is on a separate server, running windows server 2003.
> > > > > And no wrong password attempts, it happens from the 1st attempt.
> > > > >
> > > > > Sorry for the title thing :)
> > > > >
> > > > > On Mon, Oct 27, 2008 at 12:20 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Hisham Farahat wrote:
> > > > > >
> > > > > >> Dear All,
> > > > > >> I have a problem with my web application. I configured Tomcat 6.0 to
> > > > > >> authenticate users through a Realm (LDAP), it connects to an Active
> > > > > >> Directory server. Everything seems OK, but sometimes the connection
> > > > > >> could not be established (Connection refused) and it continues in this
> > > > > >> state for ~10 minutes. Stopping and starting Tomcat again won't affect
> > > > > >> anything, I should restart the machine so that users can access the web
> > > > > >> application normally (or just wait for 10 minutes). How can I solve
> > > > > >> this problem?
> > > > > >> Regards,
> > > > > >>
> > > > > >>
> > > > > >
> > > > > > As someone else asked, you need to provide some additional details,
> > > > > > such as:
> > > > > > - is this Tomcat running on your workstation? Else on what?
> > > > > >
> > > > > > With only the explanation above, I would guess that the LDAP server
> > > > > > somehow (maybe after a few unsuccessful attempts with bad passwords?)
> > > > > > puts your Tomcat server on some blacklist, and refuses connections from
> > > > > > it.
> > > > > > Maybe when you reboot the machine, it gets a different IP address and
> > > > > > is thus no longer on the blacklist at first?
> > > > > >
> > > > > > It does not sound like a specific Tomcat issue though.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Hisham Farahat
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Hisham Farahat
> > >
> >
>
>
>
> --
> Hisham Farahat
>
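
Added example (not part of the thread and not Tomcat code): a small Python triage helper that walks the quoted `Caused by:` chain and reports the root cause, the host and port that refused the connection, and whether the failing connect came from JNDI's referral-handling classes (`LdapReferralContext`), which is the endpoint to aim the telnet and netstat checks at. The sample lines are taken from the log above with mail wrapping undone; the function and field names are hypothetical.

```python
import re

# Sample input: exception lines from the quoted log, mail wrapping undone (abridged).
SAMPLE = """\
> SEVERE: Exception performing authentication
> javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: company.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
>    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
> Caused by: javax.naming.CommunicationException: company.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
>    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
>    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
> Caused by: java.net.ConnectException: Connection refused: connect
>    at java.net.PlainSocketImpl.socketConnect(Native Method)
"""

HEAD = re.compile(r"^(?:Caused by: )?((?:[a-z_]\w*\.)+[A-Z]\w*Exception)(?::?\s*(.*))?$")
FRAME = re.compile(r"^\s*at\s+([\w.$<>]+)\(")
TARGET = re.compile(r"([\w.-]+):(\d+)")

def parse_chain(text):
    """Return [{'type', 'message', 'frames'}], outermost exception first."""
    chain = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)  # drop e-mail quote markers
        head = HEAD.match(line.strip())
        frame = FRAME.match(line)
        if head:
            chain.append({"type": head.group(1), "message": head.group(2) or "", "frames": []})
        elif frame and chain:
            chain[-1]["frames"].append(frame.group(1))
    return chain

def summarise(chain):
    """Report what to test next: root cause, refused endpoint, referral involvement."""
    frames = [f for exc in chain for f in exc["frames"]]
    target = None
    for exc in chain:
        m = TARGET.match(exc["message"])
        if exc["type"].endswith("CommunicationException") and m:
            target = (m.group(1), int(m.group(2)))
    return {
        "root_cause": chain[-1]["type"] if chain else None,
        "target": target,
        "via_referral": any(".LdapReferral" in f for f in frames),
        "realm_call": next((f for f in frames if ".realm.JNDIRealm." in f), None),
    }

if __name__ == "__main__":
    print(summarise(parse_chain(SAMPLE)))
```
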