Tomcat error when configuring for LDAP

+4 votes
asked Feb 25, 2009 by robert-grant

I'm referencing LDAP in a Tomcat security realm in the Tomcat server.xml file. However, I'm getting an unusual error: Tomcat doesn't start, and going into the logs I see that it's failed to connect to localhost:389 - Tomcat's default LDAP URL.

However, Tomcat is configured to point at a different URL (not the external URL of the same machine; a different one altogether), like so:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://XXX.XX.XX.XXX:389"
       userSubtree="true"
       userPattern="(cn={0},ou=XXXXXXXX,ou=XXXXX,o=XXX)"
       roleBase="ou=XXXXXXXX,o=XXX"
       roleName="cn"
       roleSearch="member={0}"
       connectionName="cn=XXXXXXXX,ou=XXXXXXXX,o=XXX"
       connectionPassword="XXXXXXXX"/>

And basically I don't know why it's still looking at localhost:389. If anyone's encountered this before, I'd appreciate some help! I've Googled for a while but while people paste the error into pages, there don't seem to be many answers out there. If anyone has any suggestions, I'd be grateful.

Here's the log file:

24-Feb-2009 11:38:45 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.31
Catalina.start: LifecycleException: Exception opening directory server connection:
javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection:
javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1558)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
----- Root Cause -----
javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:204)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:53)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1482)
at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:1556)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at java.net.Socket.<init>(Socket.java:309)
at java.net.Socket.<init>(Socket.java:124)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
... 24 more
Stopping service Tomcat-Standalone
Catalina.stop: LifecycleException: Coyote connector has not been started
LifecycleException: Coyote connector has not been started
at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1296)
at org.apache.catalina.core.StandardService.stop(StandardService.java:499)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2178)
at org.apache.catalina.startup.Catalina.start(Catalina.java:494)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)

3 Answers

+1 vote
answered Sep 14, 2009 by olaf-kock
  • Many of Tomcat's config elements support the debug attribute. Try adding debug="99" to the realm configuration. (See the examples in Tomcat's realm-howto; search for debug="99".)
  • Make extra, extra sure it's not a typo, e.g. in the capitalization of connectionURL.
  • See if there's any other mention of "localhost" (or "127.0") in conf/server.xml.
  • See if there's any mention of "localhost" (or "127.0") in conf/*/*/*.xml (though that shouldn't cause Tomcat not to start: it'd just affect that application).
  • Start with a minimal server.xml - if you use Tomcat 5.x, a file "server-minimal.xml" was delivered that's far more readable than the default server.xml.
  • Make sure that you're not affected by the various XML comments in server.xml - I've been bitten by them multiple times.

+2 votes
answered Dec 12, 2011 by jorel

Try adding the 'alternateURL' attribute with the same value as the connectionURL. For some reason, this worked for me when I had a similar issue.

+2 votes
answered Nov 8 by hilton-poon

I know this is a really old post, but I recently had this issue and the problem lay in the fact that I nested my JNDIRealm within a LockoutRealm.

By putting the JNDIRealm as my top level realm I no longer have the problem described. If you do need the lockout realm though, this solution is not helpful.
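
An added example, not part of any answer above and not Tomcat's own code: a small Python audit that automates the checks suggested in the first answer (attribute capitalization, a Realm hidden inside an XML comment, a local-host URL) and reports the LockoutRealm nesting described in the last answer. The function name, the sample file and the 192.0.2.10 address are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

JNDI = "org.apache.catalina.realm.JNDIRealm"
# Attribute names as spelled in the question, plus alternateURL from the second answer.
KNOWN = ["className", "debug", "connectionURL", "alternateURL", "userSubtree",
         "userPattern", "roleBase", "roleName", "roleSearch",
         "connectionName", "connectionPassword"]
CANONICAL = {name.lower(): name for name in KNOWN}

def audit_server_xml(text):
    """Return findings for JNDIRealm elements in a server.xml string."""
    findings = []
    # ElementTree discards comments, so look at them separately: a Realm that
    # sits inside <!-- ... --> is never loaded.
    for body in re.findall(r"<!--(.*?)-->", text, re.S):
        if JNDI in body:
            findings.append("JNDIRealm found inside an XML comment")
    root = ET.fromstring(text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for realm in root.iter("Realm"):
        if realm.get("className") != JNDI:
            continue
        for attr in realm.attrib:
            want = CANONICAL.get(attr.lower())
            if want and want != attr:  # right name, wrong capitalization
                findings.append(f"attribute '{attr}' should be '{want}'")
        url = realm.get("connectionURL")
        if url is None:
            findings.append("no attribute spelled exactly 'connectionURL'")
        elif re.search(r"localhost|127\.0\.", url):
            findings.append(f"connectionURL points at the local host: {url}")
        parent = parent_of.get(realm)
        if parent is not None and parent.tag == "Realm":
            findings.append(f"nested inside {parent.get('className')}")
    return findings

# Constructed sample (not the asker's file); 192.0.2.10 is a documentation address.
SAMPLE = """<Server>
  <!-- <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://192.0.2.10:389"/> -->
  <Engine name="Standalone">
    <Realm className="org.apache.catalina.realm.LockoutRealm">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionUrl="ldap://192.0.2.10:389" userSubtree="true"/>
    </Realm>
  </Engine>
</Server>"""

if __name__ == "__main__":
    print("\n".join(audit_server_xml(SAMPLE)))
```

The nesting finding is informational: it flags the layout the last answer reported trouble with, so it can be ruled in or out quickly.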
