I'm referencing LDAP in a Tomcat security realm in the Tomcat server.xml file. However, I'm getting an unusual error: Tomcat doesn't start, and going into the logs I see that it's failed to connect to localhost:389 - Tomcat's default LDAP URL.

However, Tomcat is configured to point at a different URL (not the external URL of the same machine; a different one altogether), like so:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" 
  connectionURL="ldap://XXX.XX.XX.XXX:389" 
  userSubtree="true"  
  userPattern="(cn={0},ou=XXXXXXXX,ou=XXXXX,o=XXX)"  
  roleBase="ou=XXXXXXXX,o=XXX"  
  roleName="cn"  
  roleSearch="member={0}"  
  connectionName="cn=XXXXXXXX,ou=XXXXXXXX,o=XXX"  
  connectionPassword="XXXXXXXX"/>

And basically I don't know why it's still looking at localhost:389. If anyone's encountered this before, I'd appreciate some help! I've Googled for a while but while people paste the error into pages, there don't seem to be many answers out there. If anyone has any suggestions, I'd be grateful.

Here's the log file:

24-Feb-2009 11:38:45 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.31
Catalina.start: LifecycleException:  Exception opening directory server connection:      
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException:  Exception opening directory server connection:   
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1558)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
----- Root Cause -----
javax.naming.CommunicationException: localhost:389 
    [Root exception is java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:204)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:53)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1482)
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1556)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at java.net.Socket.<init>(Socket.java:309)
at java.net.Socket.<init>(Socket.java:124)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
... 24 more
Stopping service Tomcat-Standalone
Catalina.stop: LifecycleException:  Coyote connector has not been started
LifecycleException:  Coyote connector has not been started
at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1296)
at org.apache.catalina.core.StandardService.stop(StandardService.java:499)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2178)
at org.apache.catalina.startup.Catalina.start(Catalina.java:494)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
A: 
  • Many of Tomcat's config elements support the debug attribute. Try adding debug="99" to the realm configuration. (See the examples in Tomcat's realm-howto; search for debug="99".)
  • Make extra, extra sure it's not a typo, e.g. in the capitalization of connectionURL.
  • See if there's any other mention of "localhost" (or "127.0") in conf/server.xml.
  • See if there's any mention of "localhost" (or "127.0") in conf/*/*/*.xml (though that shouldn't cause Tomcat not to start: it'd just affect that application).
  • Start with a minimal server.xml - if you use Tomcat 5.x, a file "server-minimal.xml" was delivered that's far more readable than the default server.xml.
  • Make sure that you're not affected by the various XML comments in server.xml - I've been bitten by them multiple times.
Olaf
+1  A: 

Try adding the 'alternateURL' attribute with the same value as the connectionURL. For some reason, this worked for me when I had a similar issue.

Tomcat's JNDIRealm has an alternateURL attribute that specifies the server to contact if the primary one is down. Unfortunately, the default value is ldap://localhost:389 which is almost never the correct value. Setting it to the same value as connectionURL will "work" in the sense that you will not receive spurious errors about connecting to localhost, but it will not help you if there is something wrong with the configuration for connectionURL.
Brandon DuRette
The retry on alternateURL is such that the original connection error, whatever it was, is swallowed and the exception that is thrown is the exception that occurred connecting to alternateURL. Too bad, because in the basic configuration, the original exception is probably more helpful.
Brandon DuRette
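
The checks suggested in the answers above (attribute capitalization, a Realm hidden inside an XML comment, stray "localhost" references, and a missing alternateURL) can be run mechanically against server.xml. This is an added example, not code from the posters or from Tomcat; the function name, the finding codes and the sample configuration are constructed for illustration, and the localhost:389 fallback is taken from the answer's description.

```python
import xml.etree.ElementTree as ET

# Attribute names as spelled in the question's Realm element, plus
# alternateURL from the answer. Used for the capitalization check.
KNOWN = ["className", "debug", "connectionURL", "alternateURL", "userSubtree",
         "userPattern", "roleBase", "roleName", "roleSearch",
         "connectionName", "connectionPassword"]
CANONICAL = {name.lower(): name for name in KNOWN}

def audit_server_xml(xml_text):
    """Return (code, detail) findings for the JNDIRealm setup in server.xml."""
    findings = []
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    realms = [e for e in root.iter("Realm")
              if any(v.endswith("JNDIRealm") for v in e.attrib.values())]
    if not realms:
        findings.append(("NO_REALM", "no active JNDIRealm; check XML comments"))
    for realm in realms:
        for attr in realm.attrib:
            good = CANONICAL.get(attr.lower())
            if good and good != attr:
                findings.append(("ATTR_CASE", f"{attr} should be {good}"))
        url, alt = realm.get("connectionURL"), realm.get("alternateURL")
        if url is None:
            findings.append(("NO_URL", "connectionURL is not set"))
        if alt is None:  # per the answer, the retry then goes to localhost:389
            findings.append(("NO_ALT", "retry will target localhost:389"))
        elif alt == url:  # hides the localhost error, adds no real failover
            findings.append(("ALT_SAME", "retry repeats connectionURL"))
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if "localhost" in value or "127.0" in value:
                findings.append(("LOCALHOST", f"<{elem.tag} {attr}={value!r}>"))
    return findings

# Constructed sample: a miscapitalized connectionUrl and no alternateURL.
SAMPLE = """<Server>
  <Service name="Tomcat-Standalone">
    <Engine name="Standalone" defaultHost="localhost">
      <!-- <Realm className="org.apache.catalina.realm.MemoryRealm"/> -->
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionUrl="ldap://192.0.2.10:389"
             userPattern="cn={0},ou=people,o=example"/>
    </Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    for code, detail in audit_server_xml(SAMPLE):
        print(code, detail)
```

An ALT_SAME finding is informational: as the answer notes, it removes the misleading localhost error but does not help if connectionURL itself is wrong.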