tags:

views:

2227

answers:

2
+1  Q: 

Tomcat error when configuring for LDAP

I'm referencing LDAP in a Tomcat security realm in the Tomcat server.xml file. However I'm getting an unusual error: Tomcat doesn't start, and going into the logs I see that it's failed to connect to localhost:389 - Tomcat's default LDAP URL.

However, Tomcat is configured to point at a different URL (not the external URL of the same machine; a different one altogether), like so:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" 
  connectionURL="ldap://XXX.XX.XX.XXX:389" 
  userSubtree="true"  
  userPattern="(cn={0},ou=XXXXXXXX,ou=XXXXX,o=XXX)"  
  roleBase="ou=XXXXXXXX,o=XXX"  
  roleName="cn"  
  roleSearch="member={0}"  
  connectionName="cn=XXXXXXXX,ou=XXXXXXXX,o=XXX"  
  connectionPassword="XXXXXXXX"/>

And basically I don't know why it's still looking at localhost:389. If anyone's encountered this before, I'd appreciate some help! I've Googled for a while but while people paste the error into pages, there don't seem to be many answers out there. If anyone has any suggestions, I'd be grateful.

Here's the log file:

24-Feb-2009 11:38:45 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.31
Catalina.start: LifecycleException:  Exception opening directory server connection:      
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException:  Exception opening directory server connection:   
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1558)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
----- Root Cause -----
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:204)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:53)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1482)
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1556)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at java.net.Socket.<init>(Socket.java:309)
at java.net.Socket.<init>(Socket.java:124)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
... 24 more
Stopping service Tomcat-Standalone
Catalina.stop: LifecycleException:  Coyote connector has not been started
LifecycleException:  Coyote connector has not been started
at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1296)
at org.apache.catalina.core.StandardService.stop(StandardService.java:499)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2178)
at org.apache.catalina.startup.Catalina.start(Catalina.java:494)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
A: 
  • Many of tomcats config elements support the debug attribute. Try adding debug="99" to the realm configuration. (see the examples in tomcats realm-howto, search for debug="99")
  • make extra extra sure it's not a typo, e.g. in capitalization of connectionURL
  • see if there's any other mentioning of "localhost" (or "127.0") in conf/server.xml
  • see if there's any mentioning of "localhost" (or "127.0") in conf/*/*/*.xml (though that shouldn't cause tomcat not to start: it'd just affect that application)
  • Start with a minimal server.xml - if you use tomcat 5.x a file "server-minimal.xml" was delivered that's way better readable than the default server.xml
  • Make sure that you're not affected by the various xml comments in server.xml - I've got bitten by them multiple times.
Olaf  2009-03-07 12:25:21
+1  A: 

try adding the 'alternateURL' attribute with the same value as the connectionURL. For some reason, this worked for me when I had a similar issue.

 2009-09-14 14:40:53
Tomcat's JNDIRealm has an alternateURL attribute that specifies the server to contact if the primary one is down. Unfortunately, the default value is ldap://localhost:389 which is almost never the correct value. Setting it to the same value as connectionURL will "work" in the sense that you will not receive spurious errors about connecting to localhost, but it will not help you if there is something wrong with the configuration for connectionURL.
Brandon DuRette  2010-08-06 17:47:19
The retry on alternateURL is such that the original connection error, whatever it was is swallowed and the exception that is thrown is the exception that occurred connecting to alternateURL. Too bad, because in the basic configuration, the original exception is probably more helpful.
Brandon DuRette  2010-08-06 17:49:24

related questions

Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
How to avoid temporary file creation on server-side when pushing back full HTML content to clients?
What tools are there for timed batch processes in J2EE?
Eclipse - How can I change a 'Project Facet' from Tomcat 6 to Tomcat 5.5?
What must I do to make content such as images served over HTTPS be cached client-side?
Packaging up Tomcat
What is the Simplest Tomcat/Apache Connector (Windows)?
Wildcards for resources in a Tomcat Servlet's context.xml
How to debug a JSP tomcat service using eclipse?
Why does Tomcat 5.5 (with Java 1.4, running on Windows XP 32-bit) suddenly hang?
In Tomcat how can my servlet determine what connectors are configured?
tomcat5 fails to start on CentOS 5 with NoClassDefFoundError exception
Accessing Tomcat Context Path from Servlet
Unit-testing servlets
Some Tomcat webapps not opening
Java ConnectionPool connection not closing, stuck in 'sleep'
Tomcat vs Weblogic JNDI Lookup
Tomcat doFilter() invoked with committed response
Difference between the Apache HTTP Server and Apache Tomcat?
Should you run one or multiple applications per tomcat cluster?
Invalid <url-pattern> servlet mapping in tomcat 6.0
How do you configure tomcat to bind to a single ip address (localhost) instead of all addresses?
Java+Tomcat, Dying databse connection?
Arrays of Arrays in Java