LDAP connection timeout exception - some times

  • LDAP connection timeout exception - some times

    Hi Team,

    I'm using LDAP authentication for my web applications. Everything is working fine most of the time.

    But once every 15 days or 10 days, I'm getting a connection timeout. If I restart Tomcat, then everything works fine again. I couldn't find any issues with my code. Can anyone please help me with this? Below is my Java code. I'm keeping all the LDAP entries in Tomcat's server.xml and reading them in my Java code to avoid hard-coded configuration in my Java code.

    I'm closing the context and naming enumerations like below, but I'm still getting the javax.naming.CommunicationException: error.

    Can anyone please help me out on this.



    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.*;

    // Fields filled from the JNDI resource environment (declared here so the method compiles)
    private String filter;
    private String base;

    public boolean authenticateFromLdap(String username, String password) throws AuthenticationException, Exception {
        LdapContext ctx = null;
        Context newctx = new InitialContext();
        Context envCtx = (Context) newctx.lookup("java:comp/env");
        // The container-managed context is only used as a source of settings; a new connection is opened per call
        DirContext ctxDir = (DirContext) envCtx.lookup("ldap/myapp");
        NamingEnumeration<?> namingEnum = null;
        String userDN = null;
        boolean isauthenticated = false;
        try {
            Hashtable env = null;
            Control[] connCtls = null;
            env = ctxDir.getEnvironment();
            env.put(Context.REFERRAL, "follow");
            this.filter = (String) env.get("ldap.filter");
            this.base = (String) env.get("ldap.base");

            try {
                // Connects as the service account from server.xml. No connect/read timeout is set in the
                // environment, so a hung TCP connect blocks until the OS gives up (the ConnectException in the log).
                ctx = new InitialLdapContext(env, connCtls);
                ctx.setRequestControls(null);
            } catch (javax.naming.AuthenticationException ex) {
                throw new Exception("ldap.server.exception");
            } catch (Exception ex) {
                throw new Exception("ldap.server.exception");
            }
            try {
                // An empty password would turn the re-bind below into an anonymous bind, which most servers accept
                if (password == null || password.isEmpty()) {
                    throw new AuthenticationException();
                }
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                searchControls.setTimeLimit(30000);
                // Escape RFC 4515 metacharacters so the supplied username cannot change the shape of the filter
                String safeUser = username.replace("\\", "\\5c").replace("*", "\\2a")
                        .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
                String filter = "(" + this.filter + "=" + safeUser + ")";
                ctx.setRequestControls(null);
                namingEnum = ctx.search(this.base, filter, searchControls);
                if (!namingEnum.hasMore()) {
                    throw new AuthenticationException(); // no such user; next() would throw NoSuchElementException
                }
                SearchResult result = (SearchResult) namingEnum.next();
                Attributes attrs = result.getAttributes();
                Attribute str1 = attrs.get("userprincipalname");
                // Test the attribute before dereferencing it; the original checked userDN only after str1.get()
                if (str1 != null) {
                    userDN = str1.get().toString();
                }
                if (userDN == null) {
                    userDN = username;
                }
                // Re-bind the same connection as the user to verify the password
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                ctx.reconnect(connCtls);
                isauthenticated = true;
            } catch (AuthenticationException ex) {
                throw new AuthenticationException();
            } catch (NamingException ex) {
                throw new Exception("ldap.server.exception");
            }
            return isauthenticated;
        } finally {
            // An exception thrown from finally replaces whatever the try block returned or threw
            if (null != namingEnum) {
                try {
                    namingEnum.close();
                } catch (Exception e) {
                    throw new Exception("close.ldap.failure");
                }
            }
            if (null != ctx) {
                try {
                    ctx.close();
                } catch (Exception e) {
                    throw new Exception("close.ldap.failure");
                }
            }
        }
    }





    Tomcat (v6.0.14) server.xml:

    <Resource name="ldap/myapp"
              auth="Container"
              type="com.sun.jndi.ldap.LdapCtx"
              factory="com.myapp.MyLdapFactory"
              java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
              com.sun.jndi.ldap.connect.pool="false"
              java.naming.provider.url="ldap://ldap.com.test.net:389"
              java.naming.security.authentication="simple"
              java.naming.security.principal="MyAdmin"
              java.naming.security.credentials="xxxxxxx"
              ldap.base="DC=com,DC=test,DC=net"
              ldap.filter="sAMAccountName"
              />



    Below is the error log trace:

    2013-Mar-26 12:01:34,714 AppUserDetailsService - javax.naming.CommunicationException: ldap.com.test.net:389 [Root exception is java.net.ConnectException: Connection timed out: connect]



    Note: Once we restart Tomcat, everything works as usual, and after 2 weeks the same problem occurs again.



    Thanks in advance
    Ganesh

  • #2
    Hi,

    I'm facing the same issue. I have a firewall between my application and the LDAP server. Do you have the same network configuration?
    The first LDAP request works fine, but if I wait longer than the firewall timeout, all requests are dropped!
    After checking network traces, I discovered that Spring LDAP sends a SYN for the first request and then sends all further requests directly without a SYN. After the firewall timeout, the firewall drops every LDAP request because the SYN message is missing.

    Is there any way to force Spring LDAP to reconnect?
    Can I specify a Spring LDAP connection timeout smaller than the firewall timeout?

    Thx
    Seni
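    The lookup-then-bind flow from the first post, rewritten as an added example (not code from either poster) that covers both the ConnectException in the original log and the idle connection Seni describes: every request opens its own short-lived context with explicit connect and read timeouts, so no socket that a firewall has silently dropped is ever reused, and the username is escaped before it is placed in the search filter. The host, base and attribute are the values from the posted server.xml; the service-account DN, the 5 s / 10 s timeouts and the bind-by-DN choice are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class LdapAuthenticator {
    // Values taken from the posted server.xml; in the thread they come from the Tomcat <Resource> environment.
    static final String URL = "ldap://ldap.com.test.net:389";
    static final String BASE = "DC=com,DC=test,DC=net";
    static final String FILTER_ATTR = "sAMAccountName";
    /** RFC 4515 escaping: a username can no longer change the shape of the search filter. */
    static String escapeFilterValue(String v) {
        return v.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
    }

    /** Fresh environment per request with bounded connect/read timeouts (ms, assumed values) instead of the OS default. */
    static Hashtable<String, String> newEnv(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "10000");
        return env;
    }
    /** Finds the user's DN with the service account, then binds as that user; no context outlives the call. */
    public static boolean authenticate(String svcDn, String svcPw, String user, String pw) throws NamingException {
        if (pw == null || pw.isEmpty()) return false;  // an empty password would be an anonymous bind, not a login
        String userDn = null;
        LdapContext ctx = new InitialLdapContext(newEnv(svcDn, svcPw), null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setTimeLimit(30000);
            String filter = "(" + FILTER_ATTR + "=" + escapeFilterValue(user) + ")";
            NamingEnumeration<SearchResult> rs = ctx.search(BASE, filter, sc);
            try {
                if (!rs.hasMore()) return false;       // unknown user: same outcome as a wrong password
                userDn = rs.next().getNameInNamespace();
            } finally { rs.close(); }
        } finally { ctx.close(); }  // closed on every path, so an idle-dropped socket is never reused
        try {
            new InitialLdapContext(newEnv(userDn, pw), null).close();  // bind succeeded
            return true;
        } catch (AuthenticationException e) { return false; }  // wrong password
    }
}
```

    A CommunicationException from a timed-out connect or read now surfaces within seconds as a NamingException for the caller to log, instead of a request thread hanging until the operating system abandons the connect.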
