Forum Discussion

B12328's avatar
New Contributor
12 years ago

LDAP: Multiple OU's


I am having intermitent log in issues when using userPatternArray for multiple OU's. If I delete webapps and work folders and restart server (sometimes restarting service is not enought) users are able to log in with no issues, later on the day users start reporting that they cannot log in after multiple tries. I check the error log and collab log and I can see the error messages. If they wait about 5-10minutes and try again they are able to log in. This does not happen if I use only one OU.

note: I used JXplorer to troubleshoot LDAP and I am able to search all users with no issues.

Below is my Root.xml, error log, and collab log.

Any suggestions will be appreciated. I have submitted a few emails to the support team but we haven't found a solution.




<Context docBase="${catalina.home}/wars/smartbear-ccollab-server.war" path="" privileged="true" reloadable="false">

<Valve className="com.smartbear.ccollab.auth.AuthTicketValve" collabDbJndiName="/jdbc/collabserver"/>

<Valve className="com.smartbear.ccollab.auth.CollabFormAuthenticator" seed="ba3acb2ec9cc2a582aaa9031c60d40a5"/>

<Valve characterEncoding="UTF-8" className="org.apache.catalina.authenticator.FormAuthenticator"/>



    Code Collaborator database configuration.

The underlying database is exposed as a named resource in the application's JNDI namespace at the well-known name "/jdbc/collabserver".

Because this well-known name is also used directly in the software, it *must not* be changed.  However, the underlying datasource can be configured

        to support the specific configuration that is desired.

For information on configuring Data Sources, see documentation available at:



        Keep in mind that Code Collaborator does not necessarily support all of the

        databases that are documented in the Data Source documentation.


<Resource driverClassName="com.mysql.jdbc.Driver" maxActive="100" maxIdle="20" maxWait="10000" name="/jdbc/collabserver" password="mypassword2" removeAbandoned="true" removeAbandonedTimeout="120" scope="Sharable" testOnBorrow="true" type="javax.sql.DataSource" url="jdbc:mysql://localhost:3306/codecollab?useServerPrepStmts=false&amp;useUnicode=true&amp;characterEncoding=UTF-8&amp;autoReconnect=true" username="username" validationQuery="SELECT 1"/>















userPatternArray="(OU=Users,OU=Alaska,DC=my,dc=domain):(ou=users,ou=California,ou=San Jose,dc=my,dc=domain):(OU=Users,OU=Texas,OU=Houston,DC=my,DC=domain)"




Code Collaborator Parameters

 Configuration parameters made available to the Code Collaborator application.



<Parameter description="Is the Code Collaborator database used for authentication?" name="collaborator-authentication" override="false" value="false"/>

<Parameter description="Should older, less secure, clients be allowed to connect to the Code Collaborator server." name="client-compatibility" override="false" value="false"/>

<Parameter description="The name of the Code Collaborator system administrator who is always allowed to log in." name="system-administrator" override="false" value="myadmin"/>

<Parameter description="Directory (relative to tomcat) where Code Collaborator caches file contents." name="content-cache" override="false" value="collaborator-content-cache"/>



The following parameter is used for migrating data from one database type to

another.Please read the documentation on database migration carefully before

 changing this value.


<Parameter description="Full path to migration/backup database to restore" name="database-migration-data-path" override="false" value="c:\path\to\database\backup\"/>



Collab log:

WARN http-80-1 com.smartbear.ccollab.AuthTicketFilter - Login failed for user: jdoe

 2013-04-17 21:09:34,869 WARN http-80-2 com.smartbear.ccollab.rpc.RpcGwtServlet$GwtInvocationHandler - Could not authenticate user 'jdoe' using password


Error Log:

Error " Caused by: javax.naming.CommunicationException: DOMAIN.COM:389

[Root exception is connect timed out]"

Caused by: connect timed out

Apr 23, 2013 9:18:15 AM org.apache.catalina.realm.JNDIRealm authenticate

SEVERE: Exception performing authentication

javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: mydomain:389 [Root exception is connect timed out]]

1 Reply

  • B12328's avatar
    New Contributor
    I'm also using Wireshark to troubleshoot and this is what I've found:

    1142    16.255135000    LDAP    111    bindRequest(1) "adminuser@mydomain" simple

    1143    16.283321000    LDAP    76     bindResponse(1) success

    1144    16.283549000    LDAP    129    searchRequest(2) "dc=my,dc=domain" wholeSubtree

    1149    16.311655000    LDAP    499    searchResEntry(2) "CN=John Doe,OU=Users,OU=California,DC=my,DC=domain"  | searchResRef(2)  | searchResRef(2)  | searchResRef(2)  | searchResRef(2)  | searchResRef(2)  | searchResDone(2) success  [1 result]

    1153    16.316424000    LDAP    111    bindRequest(1) "adminuser@mydomain" simple

    1154    16.317344000    LDAP    164    bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1)

    1973    26.378798000    LDAP    111    bindRequest(1) "adminuser@mydomain" simple

    1975    26.439360000    LDAP    76    bindResponse(1) success

    1976    26.439637000    LDAP    147    searchRequest(2) "DC=DomainDnsZones,DC=my,DC=domain" wholeSubtree

    1977    26.498631000    LDAP    76    searchResDone(2) success  [0 results]2305    31.497416000    LDAP    61    unbindRequest(3)