>I meant the errors you had when building commons for log4j (since you said
>you couldn't build it)
I went to the easier way, using java.util.logger :)
>Have you tried manually connecting to the AD server with a commandline LDAP
>client
yes, using a program called Softerra LDAP Admin. And it connects normally.
>is the tomcat host and the AD server the same system?
No it is not.
Looking at the AD logs, and verifying sockets needs the system admin
authorization. I'll check with him.
Thanks :)
On Tue, Oct 28, 2008 at 3:31 PM, Serge Fonville <[EMAIL PROTECTED]>wrote:
> I would start looking at the logs of the AD server
> It seems the AD server has refused the connection, so maybe there is a more
> clear error there
> I meant the errors you had when building commons for log4j (since you said
> you couldn't build it)
> Have you tried manually connecting to the AD server with a commandline LDAP
> client
> Perhaps you can try to telnet to the address you connect to
> Since these errors at this time not yet make sense, perhaps it is advisable
> to run wireshark on the AD server and perform a netstat to verify sockets
> are listeneing as you would expect.
> Is the tomcat host and the AD server the same system (have you tried on
> another system) windows has it quirks(not being able to connecto to the
> local IP for example
> Regards,
>
> Serge Fonville
> On Tue, Oct 28, 2008 at 1:13 PM, Hisham Farahat <[EMAIL PROTECTED]
> >wrote:
>
> > Ok, i used the normal logger with ALL messages showing out, here is the
> > part
> > of the log where the error occurred:
> >
> > Oct 28, 2008 2:21:07 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: Found role Infonet-Admins
> > Oct 28, 2008 2:24:07 PM org.apache.catalina.core.StandardHostValve custom
> > FINE: Processing ErrorPage[errorCode=401, location=/401.jsp]
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm
> getUserBySearch
> > FINER: entry found for tomcat with dn
> > CN=tomcat,CN=Users,DC=company,DC=com
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm bindAsUser
> > FINER: validating credentials by binding as the user
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm bindAsUser
> > FINER: binding as CN=tomcat,CN=Users,DC=company,DC=com
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm
> > checkCredentials
> > FINER: Username tomcat successfully authenticated
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: getRoles(CN=tomcat,CN=Users,DC=company,DC=com)
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm
> > addAttributeValues
> > FINER: retrieving values for attribute description
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm
> > addAttributeValues
> > FINER: retrieving values for attribute description
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm
> > addAttributeValues
> > FINER: retrieving values for attribute description
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: Returning 3 roles
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: Found role admin
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: Found role manager
> > Oct 28, 2008 2:24:13 PM org.apache.catalina.realm.JNDIRealm getRoles
> > FINER: Found role Infonet-Admins
> > Oct 28, 2008 2:33:22 PM org.apache.catalina.core.ApplicationDispatcher
> > doForward
> > FINE: Disabling the response for futher output
> > Oct 28, 2008 2:33:26 PM org.apache.catalina.realm.JNDIRealm authenticate
> > SEVERE: Exception performing authentication
> > javax.naming.PartialResultException [Root exception is
> > javax.naming.CommunicationException: company.com:389 [Root exception is
> > java.net.ConnectException: Connection refused: connect]]
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown
> > Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown
> > Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
> > at
> > org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)
> > at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:992)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:941)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)
> > at
> >
> >
> org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
> > at
> >
> >
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
> > at
> >
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> > at
> >
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > at
> >
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> > at
> >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
> > at
> >
> >
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> > at
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> > at java.lang.Thread.run(Unknown Source)
> > Caused by: javax.naming.CommunicationException: company.com:389 [Root
> > exception is java.net.ConnectException: Connection refused: connect]
> > at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
> > at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown
> > Source)
> > at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown
> > Source)
> > ... 20 more
> > Caused by: java.net.ConnectException: Connection refused: connect
> > at java.net.PlainSocketImpl.socketConnect(Native Method)
> > at java.net.PlainSocketImpl.doConnect(Unknown Source)
> > at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
> > at java.net.PlainSocketImpl.connect(Unknown Source)
> > at java.net.SocksSocketImpl.connect(Unknown Source)
> > at java.net.Socket.connect(Unknown Source)
> > at java.net.Socket.connect(Unknown Source)
> > at java.net.Socket.<init>(Unknown Source)
> > at java.net.Socket.<init>(Unknown Source)
> > at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
> > at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
> > at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
> > at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
> > at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
> > at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
> > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
> > at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
> > at
> com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(Unknown
> > Source)
> > at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
> > at javax.naming.spi.NamingManager.processURL(Unknown Source)
> > at javax.naming.spi.NamingManager.processURLAddrs(Unknown Source)
> > at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> > ... 23 more
> > Oct 28, 2008 2:33:26 PM org.apache.catalina.realm.JNDIRealm close
> > FINE: Closing directory context
> > Oct 28, 2008 2:33:26 PM org.apache.catalina.core.ApplicationDispatcher
> > doForward
> > FINE: Disabling the response for futher output
> >
> > The error 401 is very strange, because i did not access the the system
> that
> > time.
> >
> > BTW the session expiration is 5 minuets.
> >
> > Please Help me in this.
> >
> >
> >
> > On Tue, Oct 28, 2008 at 1:39 PM, Serge Fonville <
> [EMAIL PROTECTED]
> > >wrote:
> >
> > > You can build it on windows, since ant for windows can be downloaded
> the
> > > same as for any other platform it is available for
> > > the fact tomcat was installed as a service has no impact on what can
> and
> > > can't be loaded inside tomcat
> > > since tomcat loads it's configuration file on startup and has all
> > libraies
> > > in its classpath avaiable to it.
> > > the rest can be found on the tomcat website about logging (which yoiu
> > > clearly already found)
> > >
> > > Perhaps you got a specific error during building.
> > > If so, what was it and what steps did you take (before,during,after)
> > >
> > > Regards,
> > >
> > > Serge Fonville
> > > On Tue, Oct 28, 2008 at 11:17 AM, Hisham Farahat <
> > [EMAIL PROTECTED]
> > > >wrote:
> > >
> > > > I have used Softerra LDAP Admin and it worked while tomcat did not.
> > > >
> > > > How can i increase the verbosity ? i tried to configure log4j, but i
> > > could
> > > > not build the extra component (extra.xml) because i'm on windows
> > machine
> > > > and
> > > > i've installed tomcat using windows service installer.
> > > > Any ideas?
> > > >
> > > > thanks for your help!! *using windows service instdallerrrr**log4jl*
> > > >
> > > > On Mon, Oct 27, 2008 at 1:13 PM, Serge Fonville <
> > > [EMAIL PROTECTED]
> > > > >wrote:
> > > >
> > > > > Perhaps if you download Symas OpenLDAP 2.3 (CDS v3) Silver
> > > > > Edition<javascript:uiform_click('xanchor_2212_5')> (Requires
> > > > > registration) (an ldap server for windows), you can use the
> > > accompanying
> > > > > uilities to try and do the same tomcat does.That way you can try to
> > > > > determine if there is anything related to the configuration that is
> > > > > incorrect.
> > > > > Also if you increase the verbosity of the
> > > > > logging<http://tomcat.apache.org/tomcat-6.0-doc/logging.html>you
> > might
> > > > > be able to determine what exactly went wrong.
> > > > >
> > > > > Hope this helps
> > > > >
> > > > > Regards,
> > > > >
> > > > > Serge Fonville
> > > > >
> > > > > Links:
> > > > >
> > > > >
> > > > > On Mon, Oct 27, 2008 at 10:33 AM, Hisham Farahat <
> > > > [EMAIL PROTECTED]
> > > > > >wrote:
> > > > >
> > > > > > It is on a separate server, running windows server 2003.
> > > > > > And no wrong passwords attempts, it happens from the 1st attempt.
> > > > > >
> > > > > > Sorry for the title thing :)
> > > > > >
> > > > > > On Mon, Oct 27, 2008 at 12:20 PM, André Warnier <[EMAIL PROTECTED]>
> > > wrote:
> > > > > >
> > > > > > > Hisham Farahat wrote:
> > > > > > >
> > > > > > >> Dear All,
> > > > > > >> I have a problem with my web application. I configured tomcat
> > 6.0
> > > to
> > > > > > >> authenticate users through Realm ( LDAP), it connects to an
> > active
> > > > > > >> directory
> > > > > > >> server. Everything seems OK, but sometimes the connection
> could
> > > not
> > > > be
> > > > > > >> established ( Connection refused ) and it continues with this
> > > state
> > > > > for
> > > > > > ~
> > > > > > >> 10
> > > > > > >> minutes. Stopping and starting tomcat again won't affect
> > anything,
> > > I
> > > > > > >> should
> > > > > > >> restart the machine so that users can access the web
> application
> > > > > > normally
> > > > > > >> (
> > > > > > >> or just wait for 10 minutes). How can I solve this problem?
> > > > > > >> Regards,
> > > > > > >>
> > > > > > >
> > > > > > > As someone else asked, you need to provide some additional
> > details,
> > > > > such
> > > > > > as
> > > > > > > :
> > > > > > > - is this Tomcat running on your workstation ? else on what ?
> > > > > > >
> > > > > > > With only the explanation above, I would guess that the LDAP
> > server
> > > > > > somehow
> > > > > > > (maybe after a few unsuccesful attempts with bad passwords ?),
> > puts
> > > > > your
> > > > > > > Tomcat server on some blacklist, and refuses connections from
> it.
> > > > > > > Maybe when you reboot the machine, it gets a different IP
> address
> > > and
> > > > > is
> > > > > > > thus no longer on the blacklist at first ?
> > > > > > >
> > > > > > > It does not sound like a specific Tomcat issue though.
> > > > > > >
> > > > > > >
> > > > > > >
> > > ---------------------------------------------------------------------
> > > > > > > To start a new topic, e-mail: users@tomcat.apache.org
> > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Hisham Farahat
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Hisham Farahat
> > > >
> > >
> >
> >
> >
> > --
> > Hisham Farahat
> >
>
--
Hisham Farahat
