B12328
12 years ago, New Contributor
LDAP: Multiple OU's
Hi,
I am having intermittent login issues when using userPatternArray for multiple OU's. If I delete the webapps and work folders and restart the server (sometimes restarting the service is not enough), users are able to log in with no issues; later in the day users start reporting that they cannot log in after multiple tries. I check the error log and collab log and I can see the error messages. If they wait about 5-10 minutes and try again, they are able to log in. This does not happen if I use only one OU.
Note: I used JXplorer to troubleshoot LDAP and I am able to search all users with no issues.
Below is my Root.xml, error log, and collab log.
Any suggestions will be appreciated. I have submitted a few emails to the support team but we haven't found a solution.
--------------------------
Root.xml
<!--
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
-->
<Context docBase="${catalina.home}/wars/smartbear-ccollab-server.war" path="" privileged="true" reloadable="false">
<Valve className="com.smartbear.ccollab.auth.AuthTicketValve" collabDbJndiName="/jdbc/collabserver"/>
<Valve className="com.smartbear.ccollab.auth.CollabFormAuthenticator" seed="ba3acb2ec9cc2a582aaa9031c60d40a5"/>
<Valve characterEncoding="UTF-8" className="org.apache.catalina.authenticator.FormAuthenticator"/>
<!--
Code Collaborator database configuration.
The underlying database is exposed as a named resource in the application's JNDI namespace at the well-known name "/jdbc/collabserver".
Because this well-known name is also used directly in the software, it *must not* be changed. However, the underlying datasource can be configured
to support the specific configuration that is desired.
For information on configuring Data Sources, see documentation available at:
http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html
Keep in mind that Code Collaborator does not necessarily support all of the
databases that are documented in the Data Source documentation.
-->
<Resource driverClassName="com.mysql.jdbc.Driver" maxActive="100" maxIdle="20" maxWait="10000" name="/jdbc/collabserver" password="mypassword2" removeAbandoned="true" removeAbandonedTimeout="120" scope="Sharable" testOnBorrow="true" type="javax.sql.DataSource" url="jdbc:mysql://localhost:3306/codecollab?useServerPrepStmts=false&amp;useUnicode=true&amp;characterEncoding=UTF-8&amp;autoReconnect=true" username="username" validationQuery="SELECT 1"/>
<Realm
allRolesMode="strictAuthOnly"
className="org.apache.catalina.realm.JNDIRealm"
connectionName="myusername@mydomain"
connectionPassword="mypasswordhere"
connectionURL="ldap://192.168.1.10:389"
referrals="follow"
userBase="dc=my,dc=domain"
userPatternArray="(OU=Users,OU=Alaska,DC=my,dc=domain):(ou=users,ou=California,ou=San Jose,dc=my,dc=domain):(OU=Users,OU=Texas,OU=Houston,DC=my,DC=domain)"
userSearch="(sAMAccountName={0})"
userSubtree="true"
/>
<!--
Code Collaborator Parameters
Configuration parameters made available to the Code Collaborator application.
-->
<Parameter description="Is the Code Collaborator database used for authentication?" name="collaborator-authentication" override="false" value="false"/>
<Parameter description="Should older, less secure, clients be allowed to connect to the Code Collaborator server." name="client-compatibility" override="false" value="false"/>
<Parameter description="The name of the Code Collaborator system administrator who is always allowed to log in." name="system-administrator" override="false" value="myadmin"/>
<Parameter description="Directory (relative to tomcat) where Code Collaborator caches file contents." name="content-cache" override="false" value="collaborator-content-cache"/>
<!--
The following parameter is used for migrating data from one database type to
another. Please read the documentation on database migration carefully before
changing this value.
-->
<Parameter description="Full path to migration/backup database to restore" name="database-migration-data-path" override="false" value="c:\path\to\database\backup\file.zip"/>
</Context>
--------------------------------
Collab log:
WARN http-80-1 com.smartbear.ccollab.AuthTicketFilter - Login failed for user: jdoe
2013-04-17 21:09:34,869 WARN http-80-2 com.smartbear.ccollab.rpc.RpcGwtServlet$GwtInvocationHandler - Could not authenticate user 'jdoe' using password
-------------------------------
Error Log:
Error " Caused by: javax.naming.CommunicationException: DOMAIN.COM:389
[Root exception is java.net.SocketTimeoutException: connect timed out]"
Caused by: java.net.SocketTimeoutException: connect timed out
Apr 23, 2013 9:18:15 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: mydomain:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
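
A triage sketch for the configuration and logs above, added here as an example and not part of the original post or of the Collaborator or Tomcat code: it compares the LDAP endpoints named in the `CommunicationException` lines with the Realm's `connectionURL` (and `alternateURL`, if set). Endpoints that fail without being configured were contacted by the JNDI provider on its own, which with `referrals="follow"` includes servers named in referrals; the function names and the embedded sample are constructed from the values quoted in the post.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: Realm attributes and exception lines copied from the post.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://192.168.1.10:389" referrals="follow"
  userBase="dc=my,dc=domain" userSubtree="true"/>"""

LOG_LINES = [
    'Error " Caused by: javax.naming.CommunicationException: DOMAIN.COM:389',
    '[Root exception is java.net.SocketTimeoutException: connect timed out]"',
    "javax.naming.PartialResultException [Root exception is "
    "javax.naming.CommunicationException: mydomain:389 [Root exception is "
    "java.net.SocketTimeoutException: connect timed out]]",
]

# host:port as printed after CommunicationException in the JNDI stack traces
ENDPOINT = re.compile(r"CommunicationException:\s*([A-Za-z0-9_.-]+):(\d+)")
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def configured_endpoints(realm):
    """(host, port) pairs the Realm element is explicitly told to use."""
    found = set()
    for attr in ("connectionURL", "alternateURL"):
        for url in (realm.get(attr) or "").split():
            u = urlparse(url)
            found.add((u.hostname.lower(), u.port or DEFAULT_PORT[u.scheme]))
    return found

def triage(realm_xml, log_lines):
    """Count failed LDAP endpoints in the log and flag the unconfigured ones."""
    realm = ET.fromstring(realm_xml)
    configured = configured_endpoints(realm)
    failures = {}
    for line in log_lines:
        for host, port in ENDPOINT.findall(line):
            key = (host.lower(), int(port))
            failures[key] = failures.get(key, 0) + 1
    return {
        "referrals": realm.get("referrals"),
        "configured": sorted(configured),
        "unexpected": {k: n for k, n in failures.items() if k not in configured},
    }

if __name__ == "__main__":
    print(triage(REALM_XML, LOG_LINES))
```

On the sample, both timed-out endpoints are domain names rather than the configured `192.168.1.10`, so the name resolution and reachability of those names from the Tomcat host are what to check next.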