
Tomcat LDAP authentication problem

 
Petteri Kivimaki
Hi everyone

I've been reading this forum for years and found answers to many questions, but for some reason I haven't registered until now.

I have a web application running on Tomcat 7.0.14 and I'm using LDAP for user authentication. The problem is that when a user logs in after an inactive period, the following warning comes out. The inactive period doesn't have to be long, as only a few minutes is enough. However, the user is able to log in despite the warning. From the users' point of view the application behaves normally, but the Tomcat log reveals the warning below.



The LDAP configuration is in the application's context.xml file:



Has anyone experienced similar problems?

Thanks
 
Petteri Kivimaki
I was able to figure out what causes the warning. The LDAP server timeout for idle connections is 3 minutes, which is the reason for the warning. Now I should find a way to get rid of it.
 
Petteri Kivimaki
I was able to figure out the reason for the warning and also a way to get rid of it.

The reason for the warning was that the LDAP server is closing all the connections that have been idle for more than 5 minutes. The LDAP server admin told me that it's recommended to close the connection immediately after each login request, because the number of available handles is limited. Tomcat's JNDIRealm, however, doesn't offer a way to configure this, so I resolved the problem by extending the JNDIRealm class and overriding the authenticate(..) method. All that needs to be done is to close the connection to the LDAP server after each authentication request and the warnings are gone.

Note that the package needs to be the same as that of the JNDIRealm class, because otherwise it's not possible to access the context variable.



The generated jar needs to be put under Tomcat's lib folder, and the className in the application's context.xml needs to be changed to org.apache.catalina.realm.CustomJNDIRealm. Then just restart Tomcat and that's it.
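
The override described in the post above, as an added example that is not the poster's own code. It assumes Tomcat 7.x, where JNDIRealm keeps one shared connection in the protected `context` field and `close(DirContext)` resets it; the `synchronized` modifier is an addition that the post does not mention.

```java
package org.apache.catalina.realm; // same package as JNDIRealm, as the post requires

import java.security.Principal;

/**
 * Added example: JNDIRealm variant that drops its LDAP connection after every
 * username/password check, so no idle connection is left for the directory
 * server to time out.
 *
 * Assumes Tomcat 7.x, where JNDIRealm holds one shared connection in the
 * protected field "context" and close(DirContext) also resets that field.
 */
public class CustomJNDIRealm extends JNDIRealm {

    /**
     * synchronized (an addition, not from the post) so that one request's
     * close() cannot tear down the shared connection under another request.
     */
    @Override
    public synchronized Principal authenticate(String username, String credentials) {
        try {
            // Normal JNDIRealm flow: opens the connection if needed, looks up
            // the user, verifies credentials. Returns null on a failed login.
            return super.authenticate(username, credentials);
        } finally {
            // Runs on success, failed login, and exceptions alike.
            // close() is a no-op when no connection is open.
            close(this.context);
        }
    }
}

// context.xml (from the post): className="org.apache.catalina.realm.CustomJNDIRealm"
```

Only the username/password path is covered here; other realm methods that open the connection are left unchanged.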

 