RTC v4.0.2 + Tomcat7 + LDAP Connection Problem
Hello,
We intermittently experience connection timeouts from our Tomcat7 to our LDAP server. Somehow, most of the time this seems to be "benign." However, every now and then this causes the entire server to fail authenticating users, causing RTC to not be reachable until the next restart of the Tomcat service. Any help is appreciated.
Exception follows below:
Jul 18, 2013 9:27:31 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: ulinedm.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:236)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:374)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:220)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:374)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:220)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:183)
at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1461)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1291)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1247)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1188)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1046)
at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:180)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:295)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:450)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:309)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
at java.lang.Thread.run(Thread.java:738)
Caused by: javax.naming.CommunicationException: ulinedm.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:86)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:144)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:351)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:220)
... 25 more
Caused by: java.net.SocketTimeoutException: connect timed out
4 answers
The root cause for this type of issue is LDAP sending partial responses or timing out requests, which causes havoc on the Tomcat server. To enable Tomcat to handle these requests, add the adCompat=true parameter to the Tomcat configuration:
- Open the server.xml file located in the ..\tomcat\config\ folder
- Find this section Realm className="org.apache.catalina.realm.JNDIRealm"
- Ensure you are not in a commented-out section before editing
- Add adCompat="true" immediately following Realm className="org.apache.catalina.realm.JNDIRealm".
- Restart Tomcat for the changes to take effect.
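
A way to confirm the edit landed on the active realm and not on a commented-out copy, as an added example that is not part of the original answer: the script parses server.xml, skips XML comments, and reports the adCompat value of every live JNDIRealm element. The sample XML, its host names and the function name `audit_jndi_realms` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample (not from the original post): one commented-out
# JNDIRealm and one active JNDIRealm nested in a LockOutRealm.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <!--
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             adCompat="true"
             connectionURL="ldap://old.example.test:389"/>
      -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldap://ldap.example.test:389"
               userBase="dc=example,dc=test"/>
      </Realm>
    </Engine>
  </Service>
</Server>"""


def audit_jndi_realms(xml_text):
    """Return one finding per active (non-commented) JNDIRealm element."""
    # The default ElementTree parser discards comments, so a Realm that
    # only exists inside <!-- ... --> is never reported as configured.
    root = ET.fromstring(xml_text)
    findings = []
    for realm in root.iter("Realm"):  # includes realms nested in other realms
        if realm.get("className") != JNDI_REALM:
            continue
        value = realm.get("adCompat")
        findings.append({
            "connectionURL": realm.get("connectionURL"),
            "adCompat": value,
            "ok": value is not None and value.strip().lower() == "true",
        })
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for f in audit_jndi_realms(text):
        status = "OK" if f["ok"] else "adCompat not enabled"
        print(f"{f['connectionURL']}: adCompat={f['adCompat']!r} -> {status}")
```
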