Hisham Farahat wrote:
> Dear All,
> I have stated this problem before, but maybe it was not clear. I will state
> it now hopefully more clearly.
> 
> I have a Tomcat 6.0 server running on Windows Server 2003; it needs to
> authenticate users using a JNDI realm which connects to an LDAP server
> (Active Directory running on a different machine).
> The realm configuration in server.xml is as follows:
> ==============================================================
> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"
>       xmlValidation="false" xmlNamespaceAware="false">
>    <Realm className="org.apache.catalina.realm.JNDIRealm"
>           debug="99"
>           connectionURL="ldap://name.com:389/"
>           connectionName="CN=tomcat,CN=Users,DC=name,DC=com"
>           connectionPassword="**************"
>           alternateURL="ldap://ip:389/"
>           userSubtree="true" referrals="follow"
>           userSearch="(| (mailNickname={0}) (givenName={0}) )"
>           userBase="DC=name,DC=com"
>           roleBase="CN=Users,DC=name,DC=com"
>           roleName="description"
>           roleSearch="member={0}" roleSubtree="true"
>           allRolesMode="AuthOnly" />
>  </Host>
> ==============================================================
> 
> The problem is that when I try to log in with my AD account, sometimes (around
> 40% of the time) I get a login error, and it continues in this state for
> 10 minutes (no user can log in during this period). Even the manager and admin
> accounts that are used to log in to the manager webapp are not allowed to log in.
> How can I solve this problem? It is so annoying :(
> 
> Some points:
> 1- The log of the error is:
> ==================
> Oct 29, 2008 8:30:12 AM org.apache.catalina.core.ApplicationDispatcher doForward
> FINE:  Disabling the response for futher output
> Oct 29, 2008 8:30:15 AM org.apache.catalina.realm.JNDIRealm authenticate
> SEVERE: Exception performing authentication
> javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: name.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
>     at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
>     at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1097)

I have some Realm improvements related to Active Directory in the
working queue, likely to be worked on at ApacheCon next week. Those
changes are also related to handling PartialResultExceptions. If no one
else responds and has a solution or workaround for you, bug me again
next week.

Regards,

Rainer
