Re: ldap administration tool and error LDAP: error code 49 - Invalid Credentials

2024-06-24 Thread Simon Matter
Hi,

> Hello Experts,
> Is there any LDAP admin tool available? I want to manage IBM and openldap
> with it. Trying to reset users password in IBM ldap but it fails with

You could try https://directory.apache.org/studio/

Regards,
Simon

>
>
> "[root@camttvpws002 app]# ldapsearch -x -h //102.85.9.23 -D
> "ldap@seth.local" -b "dc=seth,dc=local" -w *
> "sAMAcountName=shekhdho"
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
>
>
>
>
> [root@camttvpws002 ~]# tail -f /app/web/logs/RMA/RMA.log
>
> 2024-06-22 06:34:31,696{ INFO [http-bio-8443-exec-3] (RMAdao.java:5047) -
> after preparing the statement
>
> 2024-06-22 06:34:31,697{ INFO [http-bio-8443-exec-3] (RMAdao.java:5050) -
> application name is:RMA
>
> 2024-06-22 06:34:31,737{ERROR [http-bio-8443-exec-3] (RMAdao.java:5116) -
> The exception occurred is:ORA-00942: table or view does not exist
>
>
>
> 2024-06-22 06:34:31,738{ERROR [http-bio-8443-exec-3]
> (CheckDownTime.java:60) - Exception Occurred :
> java.lang.NullPointerException
>
> 2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:64)
> - Inside Action:- Method:fetchUserInfo
>
> 2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:67)
> - The username is : shekhdho
>
> 2024-06-22 06:34:31,777{ERROR [http-bio-8443-exec-3] (Ldap.java:85) -
> Exception occurred :javax.naming.AuthenticationException: [LDAP: error
> code 49 - Invalid Credentials]
>
> 2024-06-22 06:34:31,778{ INFO [http-bio-8443-exec-3] (LoginAction.java:78)
> - Emailid is : null
>
> 2024-06-22 06:34:31,779{ INFO [http-bio-8443-exec-3]
> (LoginAction.java:120) - Populated to the value for the jsp...
>
>
>
>
>
>
>
>
> Best Regards,
> Shekhar Dhotre.
> Sr. Operations Manager.
> CNGCS-Int Txn, Voice n Mobile
> MMX ,MOVE,MARS Billing , Analytics.
> shekhar.dho...@tatacommunications.com
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



ldap administration tool and error LDAP: error code 49 - Invalid Credentials

2024-06-24 Thread Shekhar Dhotre
Hello Experts,
Is there any LDAP admin tool available? I want to manage IBM and openldap with 
it. Trying to reset users password in IBM ldap but it fails with


"[root@camttvpws002 app]# ldapsearch -x -h //102.85.9.23 -D 
"ldap@seth.local" -b "dc=seth,dc=local" -w * 
"sAMAcountName=shekhdho"

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)





[root@camttvpws002 ~]# tail -f /app/web/logs/RMA/RMA.log

2024-06-22 06:34:31,696{ INFO [http-bio-8443-exec-3] (RMAdao.java:5047) - after 
preparing the statement

2024-06-22 06:34:31,697{ INFO [http-bio-8443-exec-3] (RMAdao.java:5050) - 
application name is:RMA

2024-06-22 06:34:31,737{ERROR [http-bio-8443-exec-3] (RMAdao.java:5116) - The 
exception occurred is:ORA-00942: table or view does not exist



2024-06-22 06:34:31,738{ERROR [http-bio-8443-exec-3] (CheckDownTime.java:60) - 
Exception Occurred : java.lang.NullPointerException

2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:64) - 
Inside Action:- Method:fetchUserInfo

2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:67) - 
The username is : shekhdho

2024-06-22 06:34:31,777{ERROR [http-bio-8443-exec-3] (Ldap.java:85) - Exception 
occurred :javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid 
Credentials]

2024-06-22 06:34:31,778{ INFO [http-bio-8443-exec-3] (LoginAction.java:78) - 
Emailid is : null

2024-06-22 06:34:31,779{ INFO [http-bio-8443-exec-3] (LoginAction.java:120) - 
Populated to the value for the jsp...








Best Regards,
Shekhar Dhotre.
Sr. Operations Manager.
CNGCS-Int Txn, Voice n Mobile
MMX ,MOVE,MARS Billing , Analytics.
shekhar.dho...@tatacommunications.com



Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-24 Thread Greg Huber
A while back we looked into using fail2ban for http/https.  Never 
implemented it, but it does work well on our mail servers.


On 24/06/2024 22:57, James H. H. Lampert wrote:

> On 6/24/24 12:03 PM, Tim Funk wrote:
>
>> Conversely, this is a good time for the developers to review
>> their server logging and tune it to be less verbose for these
>> normal exceptions. As well as implementing logging frameworks
>> and logging at the appropriate level (fatal through debug)
>
> Thanks for your thoughts on the subject.
>
> The primary problem isn't that the catalina.out file is enormous, nor
> that the log messages are too verbose (if anything, they're not
> verbose enough: a timestamp would help); it's that while the random
> filenames were being tried, in quick succession, the CPU usage of the
> JVM job skyrocketed, and legitimate traffic was probably having
> trouble getting in.
>
> --
> JHHL
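
Per-source counting of 404 responses, the kind of log-driven detection that banning tools rely on, applied to the flood described in this thread (an added example, not code from the thread or from fail2ban). It assumes Tomcat's AccessLogValve is writing the `common` pattern, since catalina.out carries no timestamps; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients that produce a burst of 404s within one minute.
# Assumption: access log in the "common" pattern  %h %l %u %t "%r" %s %b
# Function names and sample data are hypothetical / constructed.

# sample_access_log: prints constructed log lines (documentation IP ranges).
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [22/Jun/2024:06:34:01 +0000] "GET /a1b2.jsp HTTP/1.1" 404 682
203.0.113.7 - - [22/Jun/2024:06:34:02 +0000] "GET /x9 y.php HTTP/1.1" 404 682
203.0.113.7 - - [22/Jun/2024:06:34:03 +0000] "GET /qq.cgi HTTP/1.1" 404 682
203.0.113.7 - - [22/Jun/2024:06:35:10 +0000] "GET /zz HTTP/1.1" 404 682
198.51.100.20 - - [22/Jun/2024:06:34:05 +0000] "GET /index.jsp HTTP/1.1" 200 5120
198.51.100.20 - - [22/Jun/2024:06:34:09 +0000] "GET /favicon.ico HTTP/1.1" 404 682

EOF
}

# flag_404_bursts FILE THRESHOLD
# Prints "CLIENT MINUTE COUNT" for every client with at least THRESHOLD
# 404 responses inside a single calendar minute, sorted.
flag_404_bursts() {
    log="$1"
    threshold="$2"
    awk -v max="$threshold" '
        # The status is the second-to-last field, so a request line that
        # contains spaces (second sample line) cannot shift it.
        NF >= 7 && $(NF-1) == 404 {
            minute = substr($4, 2, 17)      # "[dd/Mon/yyyy:HH:MM:SS" -> dd/Mon/yyyy:HH:MM
            hits[$1 " " minute]++
        }
        END {
            for (k in hits)
                if (hits[k] >= max + 0)
                    print k, hits[k]
        }' "$log" | sort
}

# Stand-alone use: script.sh /path/to/access_log 100
if [ "$#" -eq 2 ]; then
    flag_404_bursts "$1" "$2"
fi
```

The output is a list of candidates for rate limiting or blocking at the firewall or reverse proxy; a single 404 from an ordinary client (the favicon request in the sample) stays below the threshold.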



Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-24 Thread James H. H. Lampert

On 6/24/24 12:03 PM, Tim Funk wrote:

> Conversely, this is a good time for the developers to review
> their server logging and tune it to be less verbose for these
> normal exceptions. As well as implementing logging frameworks
> and logging at the appropriate level (fatal through debug)


Thanks for your thoughts on the subject.

The primary problem isn't that the catalina.out file is enormous, nor 
that the log messages are too verbose (if anything, they're not verbose 
enough: a timestamp would help) ; it's that while the random filenames 
were being tried, in quick succession, the CPU usage of the JVM job 
skyrocketed, and legitimate traffic was probably having trouble getting in.


--
JHHL




Re: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Chuck Caldarale


> On Jun 24, 2024, at 16:40, Eric Robinson  wrote:
> 
> I wrote a script that checks the FD counts for every java pid on the server. 
> Just looking at these results, I don't think we're hitting an FD limit at the 
> moment, but I'll try it again tomorrow while the problem is presenting.


Quite a wide variation in the numbers of used FDs.

You might still be running into the acceptCount limit on the . The 
default value is 100, so if more connection requests arrive in between the 
TCP/IP stack passing them on to the listening process, some could still be 
getting rejected.

  - Chuck





RE: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Eric Robinson
I wrote a script that checks the FD counts for every java pid on the server. 
Just looking at these results, I don't think we're hitting an FD limit at the 
moment, but I'll try it again tomorrow while the problem is presenting.

[root@app51b scripts]# for s in $(ps ax|grep java|awk '{print $1}');do fd_counts $s;echo -e "--\n";done
Process ID: 784860
Max open files: 16384
Used file descriptors: 631
Available file descriptors: 15753
--

Process ID: 801288
Max open files: 16384
Used file descriptors: 70
Available file descriptors: 16314
--

Process ID: 809263
Max open files: 16384
Used file descriptors: 78
Available file descriptors: 16306
--

Process ID: 827276
Max open files: 16384
Used file descriptors: 549
Available file descriptors: 15835
--

Process ID: 847407
Max open files: 16384
Used file descriptors: 94
Available file descriptors: 16290
--

Process ID: 862359
Max open files: 16384
Used file descriptors: 605
Available file descriptors: 15779
--

Process ID: 877635
Max open files: 16384
Used file descriptors: 82
Available file descriptors: 16302
--

Process ID: 887797
Max open files: 16384
Used file descriptors: 102
Available file descriptors: 16282
--

Process ID: 898698
Max open files: 16384
Used file descriptors: 54
Available file descriptors: 16330
--

Process ID: 903756
Max open files: 16384
Used file descriptors: 665
Available file descriptors: 15719
--

Process ID: 918138
Max open files: 16384
Used file descriptors: 457
Available file descriptors: 15927
--

Process ID: 929377
Max open files: 16384
Used file descriptors: 99
Available file descriptors: 16285
--

Process ID: 940403
Max open files: 16384
Used file descriptors: 614
Available file descriptors: 15770
--

Error: Process with PID 946105 does not exist.
--

Process ID: 955351
Max open files: 16384
Used file descriptors: 74
Available file descriptors: 16310
--

Process ID: 963602
Max open files: 16384
Used file descriptors: 82
Available file descriptors: 16302
--

Process ID: 971272
Max open files: 16384
Used file descriptors: 95
Available file descriptors: 16289
--

Process ID: 987470
Max open files: 16384
Used file descriptors: 73
Available file descriptors: 16311
--

Process ID: 1002039
Max open files: 16384
Used file descriptors: 399
Available file descriptors: 15985
--

Process ID: 1012180
Max open files: 16384
Used file descriptors: 117
Available file descriptors: 16267
--

Process ID: 1021450
Max open files: 16384
Used file descriptors: 532
Available file descriptors: 15852
--

Process ID: 1038105
Max open files: 16384
Used file descriptors: 61
Available file descriptors: 16323
--

Process ID: 1047269
Max open files: 16384
Used file descriptors: 735
Available file descriptors: 15649
--

Process ID: 1069422
Max open files: 16384
Used file descriptors: 74
Available file descriptors: 16310
--

Process ID: 1080743
Max open files: 16384
Used file descriptors: 49
Available file descriptors: 16335
--

Process ID: 1087538
Max open files: 16384
Used file descriptors: 74
Available file descriptors: 16310
--

Process ID: 1091023
Max open files: 16384
Used file descriptors: 76
Available file descriptors: 16308
--

Process ID: 1098912
Max open files: 16384
Used file descriptors: 388
Available file descriptors: 15996
--

Process ID: 1106941
Max open files: 16384
Used file descriptors: 606
Available file descriptors: 15778
--

Process ID: 1124436
Max open files: 16384
Used file descriptors: 70
Available file descriptors: 16314
--

Process ID: 1133799
Max open files: 16384
Used file descriptors: 73
Available file descriptors: 16311
--

Process ID: 1141993
Max open files: 16384
Used file descriptors: 74
Available file descriptors: 16310
--

Process ID: 1154539
Max open files: 16384
Used file descriptors: 488
Available file descriptors: 15896
--

Process ID: 1167799
Max open files: 16384
Used file descriptors: 224
Available file descriptors: 16160
--

Process ID: 1175722
Max open files: 16384
Used file descriptors: 75
Available file descriptors: 16309
--

Process ID: 1185333
Max open files: 16384
Used file descriptors: 421
Available file descriptors: 15963
--

Process ID: 1199328
Max open files: 16384
Used file descriptors: 108
Available file descriptors: 16276
--

Process ID: 1214320
Max open files: 16384
Used file descriptors: 468
Available file descriptors: 15916
--

Process ID: 1223773
Max open files: 16384
Used file descriptors: 113
Available file descriptors: 16271
--

Process ID: 1233052
Max open files: 16384
Used file descriptors: 56
Available file descriptors: 16328
--

Process ID: 1239823
Max open files: 16384
Used file descriptors: 75
Available file descriptors: 16309
--

Process ID: 1252744
Max open files:

Re: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Chuck Caldarale

> On Jun 24, 2024, at 15:47, Eric Robinson  wrote:
> 
>> -Original Message-
>> From: Chuck Caldarale 
>> Sent: Monday, June 24, 2024 1:40 PM
>> To: Tomcat Users List 
>> Subject: Re: Isolating the Root Cause of "Connection Refused"
>> 
>> 
>>> On Jun 24, 2024, at 15:36, Eric Robinson  wrote:
>>> 
>>>> -Original Message-
>>>> From: Chuck Caldarale 
>>>> Sent: Monday, June 24, 2024 1:29 PM
>>>> To: Tomcat Users List 
>>>> Subject: Re: Isolating the Root Cause of "Connection Refused"
>>>> 
>>>> 
>>>>> On Jun 24, 2024, at 15:19, Eric Robinson  wrote:
>>>>> 
>>>>> We have a tomcat server that is not that busy. It has 100 tomcat
>>>>> instances running, but it handles a few hundred connections per
>>>>> second total, across all of them. It intermittently rejects
>>>>> connection attempts to listening tomcats. The server is running
>>>>> Rocky 8, has 48 cores (about 15-40% utilized), 1T RAM (400G free),
>>>>> with NVME storage. 'sar' shows almost 0% iowait.
>>>>> 
>>>>> During production:
>>>>> 
>>>>> *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from
>>>>>     100K to 250K connections
>>>>> *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
>>>>> *   netstat -an|wc -l usually shows 90-150K connections
>>>>> 
>>>>> Obviously, the TCP stack must be running into some resource
>>>>> limitation, or some kind of race condition. I've been working the
>>>>> issue for hours and days, without success. How can I determine
>>>>> exactly why the tomcats intermittently reject connections?
>>>> 
>>>> 
>>>> Perhaps some of the Tomcat processes are occasionally running out of
>>>> file descriptors?
>>>> 
>>> 
>>> Great thought. Wouldn't tomcat log a message somewhere if that were the
>>> case?
>> 
>> 
>> No - Tomcat would never see the request and would have no knowledge that the
>> OS blocked the connection attempt.
>> 
> 
> But the OS should log something, I assume? I don't see anything in dmesg or 
> messages.


As Thomas noted, the OS won’t log this, since it’s considered to be an 
application error.

You can look at /proc//limits to see what any process of interest is 
limited to. Counting open files for a process is a bit trickier, but something 
like:

ls -1 /proc//fd | wc -l

will do it. I don’t know of any commonly available tool to watch for open files 
getting close to the limit.

You can experiment with larger values of acceptCount on your  
elements to see if that might allow for better handling of bursts of connection 
requests. Also, it used to be that socket FDs were not released until garbage 
collection ran, but I’m not sure if that’s still the case in current versions 
of Tomcat and JVM.

  - Chuck
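
One way to watch a process's open-FD count against its limit, built from the two /proc checks in the reply above (an added example, not code from the thread or from Tomcat). `fd_usage`, `fd_watch` and the `PROC_ROOT` override are hypothetical names introduced here; reading the fd directory of another user's process requires root.

```shell
#!/bin/sh
# Added example: report open file descriptors against the soft
# "Max open files" limit, and warn when usage crosses a percentage.
# PROC_ROOT is a hypothetical override so the logic can be run against a
# constructed directory tree; on a real host leave it at /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# fd_usage PID
# Prints "PID USED LIMIT PCT". Returns 1 if the process has gone away,
# which happens when a PID exits between being listed and being inspected.
fd_usage() {
    pid="$1"
    dir="$PROC_ROOT/$pid"
    [ -r "$dir/limits" ] && [ -d "$dir/fd" ] || return 1
    # Row format: "Max open files  <soft>  <hard>  files"; soft limit is field 4.
    limit=$(awk '/^Max open files/ {print $4}' "$dir/limits")
    used=$(ls -1 "$dir/fd" 2>/dev/null | wc -l | tr -d ' ')
    case "$limit" in
        ''|0|unlimited)
            pct=0
            limit=${limit:-unknown}
            ;;
        *)
            pct=$(( used * 100 / limit ))
            ;;
    esac
    echo "$pid $used $limit $pct"
}

# fd_watch THRESHOLD_PCT PID...
# Prints "WARN PID USED LIMIT PCT" for each PID at or above the threshold.
fd_watch() {
    threshold="$1"
    shift
    for p in "$@"; do
        line=$(fd_usage "$p") || continue   # skip processes that exited
        pct=${line##* }                     # last field is the percentage
        if [ "$pct" -ge "$threshold" ]; then
            echo "WARN $line"
        fi
    done
}

# Stand-alone use: script.sh 80 PID [PID...]
if [ "$#" -ge 2 ]; then
    fd_watch "$@"
fi
```

Run from cron or a monitoring agent at a short interval, this catches a process approaching its limit during the window when connections are being refused, which a one-off count taken later would miss.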



RE: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Thomas Meyer
Hi,

No I don't think so. Best is to check ulimit for your tomcat processes.
Also fd count is available as jmx property I think, but not sure if it does 
contain all kinds of FDs.
You may want to monitor FD count Vs max FD.

Regards
Thomas

On 24 June 2024 22:47:52 CEST, Eric Robinson wrote:
>> -Original Message-
>> From: Chuck Caldarale 
>> Sent: Monday, June 24, 2024 1:40 PM
>> To: Tomcat Users List 
>> Subject: Re: Isolating the Root Cause of "Connection Refused"
>>
>>
>> > On Jun 24, 2024, at 15:36, Eric Robinson  wrote:
>> >
>> >> -Original Message-
>> >> From: Chuck Caldarale 
>> >> Sent: Monday, June 24, 2024 1:29 PM
>> >> To: Tomcat Users List 
>> >> Subject: Re: Isolating the Root Cause of "Connection Refused"
>> >>
>> >>
>> >>> On Jun 24, 2024, at 15:19, Eric Robinson 
>> wrote:
>> >>>
>> >>> We have a tomcat server that is not that busy. It has 100 tomcat
>> >>> instances
>> >> running, but it handles a few hundred connections per second total,
>> >> across all of them. It intermittently rejects connection attempts to
>> >> listening tomcats. The server is running Rocky 8, has 48 cores (about
>> >> 15-40% utilized), 1T RAM (400G free), with NVME storage. 'sar' shows
>> almost 0% iowait.
>> >>>
>> >>> During production:
>> >>>
>> >>> *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K
>> to
>> >> 250K connections
>> >>> *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
>> >>> *   netstat -an|wc -l usually shows 90-150K connections
>> >>>
>> >>> Obviously, the TCP stack must be running into some resource
>> >>> limitation, or
>> >> some kind of race condition. I've been working the issue for hours
>> >> and days, without success. How can I determine exactly why the
>> >> tomcats intermittently reject connections?
>> >>
>> >>
>> >> Perhaps some of the Tomcat processes are occasionally running out of
>> >> file descriptors?
>> >>
>> >
>> > Great thought. Wouldn't tomcat log a message somewhere if that were the
>> case?
>>
>>
>> No - Tomcat would never see the request and would have no knowledge that the
>> OS blocked the connection attempt.
>>
>
>But the OS should log something, I assume? I don't see anything in dmesg or 
>messages.
>
>>   - Chuck
>>
>>
>
>Disclaimer : This email and any files transmitted with it are confidential and 
>intended solely for intended recipients. If you are not the named addressee 
>you should not disseminate, distribute, copy or alter this email. Any views or 
>opinions presented in this email are solely those of the author and might not 
>represent those of Physician Select Management. Warning: Although Physician 
>Select Management has taken reasonable precautions to ensure no viruses are 
>present in this email, the company cannot accept responsibility for any loss 
>or damage arising from the use of this email or attachments.
>
>

-- 
This message was sent from my Android device with K-9 Mail.

RE: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Eric Robinson
> -Original Message-
> From: Chuck Caldarale 
> Sent: Monday, June 24, 2024 1:40 PM
> To: Tomcat Users List 
> Subject: Re: Isolating the Root Cause of "Connection Refused"
>
>
> > On Jun 24, 2024, at 15:36, Eric Robinson  wrote:
> >
> >> -Original Message-
> >> From: Chuck Caldarale 
> >> Sent: Monday, June 24, 2024 1:29 PM
> >> To: Tomcat Users List 
> >> Subject: Re: Isolating the Root Cause of "Connection Refused"
> >>
> >>
> >>> On Jun 24, 2024, at 15:19, Eric Robinson 
> wrote:
> >>>
> >>> We have a tomcat server that is not that busy. It has 100 tomcat
> >>> instances
> >> running, but it handles a few hundred connections per second total,
> >> across all of them. It intermittently rejects connection attempts to
> >> listening tomcats. The server is running Rocky 8, has 48 cores (about
> >> 15-40% utilized), 1T RAM (400G free), with NVME storage. 'sar' shows
> almost 0% iowait.
> >>>
> >>> During production:
> >>>
> >>> *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K
> to
> >> 250K connections
> >>> *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
> >>> *   netstat -an|wc -l usually shows 90-150K connections
> >>>
> >>> Obviously, the TCP stack must be running into some resource
> >>> limitation, or
> >> some kind of race condition. I've been working the issue for hours
> >> and days, without success. How can I determine exactly why the
> >> tomcats intermittently reject connections?
> >>
> >>
> >> Perhaps some of the Tomcat processes are occasionally running out of
> >> file descriptors?
> >>
> >
> > Great thought. Wouldn't tomcat log a message somewhere if that were the
> case?
>
>
> No - Tomcat would never see the request and would have no knowledge that the
> OS blocked the connection attempt.
>

But the OS should log something, I assume? I don't see anything in dmesg or 
messages.

>   - Chuck
>
>




Re: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Chuck Caldarale


> On Jun 24, 2024, at 15:36, Eric Robinson  wrote:
> 
>> -Original Message-
>> From: Chuck Caldarale 
>> Sent: Monday, June 24, 2024 1:29 PM
>> To: Tomcat Users List 
>> Subject: Re: Isolating the Root Cause of "Connection Refused"
>> 
>> 
>>> On Jun 24, 2024, at 15:19, Eric Robinson  wrote:
>>> 
>>> We have a tomcat server that is not that busy. It has 100 tomcat instances
>> running, but it handles a few hundred connections per second total, across 
>> all of
>> them. It intermittently rejects connection attempts to listening tomcats. The
>> server is running Rocky 8, has 48 cores (about 15-40% utilized), 1T RAM (400G
>> free), with NVME storage. 'sar' shows almost 0% iowait.
>>> 
>>> During production:
>>> 
>>> *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K to
>> 250K connections
>>> *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
>>> *   netstat -an|wc -l usually shows 90-150K connections
>>> 
>>> Obviously, the TCP stack must be running into some resource limitation, or
>> some kind of race condition. I've been working the issue for hours and days,
>> without success. How can I determine exactly why the tomcats intermittently
>> reject connections?
>> 
>> 
>> Perhaps some of the Tomcat processes are occasionally running out of file
>> descriptors?
>> 
> 
> Great thought. Wouldn't tomcat log a message somewhere if that were the case?


No - Tomcat would never see the request and would have no knowledge that the OS 
blocked the connection attempt.

  - Chuck





RE: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Eric Robinson
> -Original Message-
> From: Chuck Caldarale 
> Sent: Monday, June 24, 2024 1:29 PM
> To: Tomcat Users List 
> Subject: Re: Isolating the Root Cause of "Connection Refused"
>
>
> > On Jun 24, 2024, at 15:19, Eric Robinson  wrote:
> >
> > We have a tomcat server that is not that busy. It has 100 tomcat instances
> running, but it handles a few hundred connections per second total, across 
> all of
> them. It intermittently rejects connection attempts to listening tomcats. The
> server is running Rocky 8, has 48 cores (about 15-40% utilized), 1T RAM (400G
> free), with NVME storage. 'sar' shows almost 0% iowait.
> >
> > During production:
> >
> >  *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K to
> 250K connections
> >  *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
> >  *   netstat -an|wc -l usually shows 90-150K connections
> >
> > Obviously, the TCP stack must be running into some resource limitation, or
> some kind of race condition. I've been working the issue for hours and days,
> without success. How can I determine exactly why the tomcats intermittently
> reject connections?
>
>
> Perhaps some of the Tomcat processes are occasionally running out of file
> descriptors?
>

Great thought. Wouldn't tomcat log a message somewhere if that were the case?

>   - Chuck
>
>




Re: Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Chuck Caldarale


> On Jun 24, 2024, at 15:19, Eric Robinson  wrote:
> 
> We have a tomcat server that is not that busy. It has 100 tomcat instances 
> running, but it handles a few hundred connections per second total, across 
> all of them. It intermittently rejects connection attempts to listening 
> tomcats. The server is running Rocky 8, has 48 cores (about 15-40% utilized), 
> 1T RAM (400G free), with NVME storage. 'sar' shows almost 0% iowait.
> 
> During production:
> 
>  *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K to 
> 250K connections
>  *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
>  *   netstat -an|wc -l usually shows 90-150K connections
> 
> Obviously, the TCP stack must be running into some resource limitation, or 
> some kind of race condition. I've been working the issue for hours and days, 
> without success. How can I determine exactly why the tomcats intermittently 
> reject connections?


Perhaps some of the Tomcat processes are occasionally running out of file 
descriptors?

  - Chuck





Isolating the Root Cause of "Connection Refused"

2024-06-24 Thread Eric Robinson
We have a tomcat server that is not that busy. It has 100 tomcat instances 
running, but it handles a few hundred connections per second total, across all 
of them. It intermittently rejects connection attempts to listening tomcats. 
The server is running Rocky 8, has 48 cores (about 15-40% utilized), 1T RAM 
(400G free), with NVME storage. 'sar' shows almost 0% iowait.

During production:


  *   /proc/sys/net/netfilter/nf_conntrack_count shows anywhere from 100K to 
250K connections
  *   /proc/sys/net/netfilter/nf_conntrack_max is set to 2M.
  *   netstat -an|wc -l usually shows 90-150K connections

Obviously, the TCP stack must be running into some resource limitation, or some 
kind of race condition. I've been working the issue for hours and days, without 
success. How can I determine exactly why the tomcats intermittently reject 
connections?

-Eric




Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-24 Thread Tim Funk
As long as the webapp is reporting 404s - you're in good
shape and probably not exposing hints of new vectors for
attack. (Sometimes 500 errors can provide hints for tweaking
parameters)

But this is really a case study for why people may want to
run a web application firewall. (I do not have a recommended
vendor / solution)

Conversely, this is a good time for the developers to review
their server logging and tune it to be less verbose for these
normal exceptions. As well as implementing logging frameworks
and logging at the appropriate level (fatal through debug)

-Tim

On Mon, Jun 24, 2024 at 12:29 PM James H. H. Lampert
 wrote:

> Over the weekend, one of our customers got hit with what appears to have
> been either a penetration attempt or a DOS attack (or both).
>
> Their catalina.out file contains tens of thousands (probably over 100k)
> of lines reporting that our webapp received a request for a nonexistent
> server object, and issued a 404.
>
> I suggested that the customer ask their network people to check their
> firewall logs, to see if they can find a source, and plug it up, but of
> course that only stops it from the known source IP(s).
>
> Any suggestions on what else can be done? Anything that I should pass on
> to the customer or to our webapp developers?
>
>


Re: [EXTERNAL EMAIL] RE: The Import cannot be resolved

2024-06-24 Thread Shekhar Dhotre
Sorry, I didn’t realize that I’m asking a question in another thread. Will open 
a new one.


Cheers
SD

From: Niranjan Rao 
Sent: Monday, June 24, 2024 9:54:07 PM
To: users@tomcat.apache.org 
Subject: Re: [EXTERNAL EMAIL] RE: The Import cannot be resolved

You will have better luck if you open your own thread


Regards,

Niranjan

On 6/23/24 21:25, Shekhar Dhotre wrote:
> Hello Team,
> Is there any document or link that can point me to Tomcat and ldap 
> integration? I googled and nothing came out except few videos which doesn’t 
> show steps.
>
> We have IBM ldap and just installed openldap because we were not able to 
> reset IBM ldap users password. How can I reset root/admin password in Ldap?
>
> Thanks
> SD
>


Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-24 Thread James H. H. Lampert
Over the weekend, one of our customers got hit with what appears to have 
been either a penetration attempt or a DOS attack (or both).


Their catalina.out file contains tens of thousands (probably over 100k) 
of lines reporting that our webapp received a request for a nonexistent 
server object, and issued a 404.


I suggested that the customer ask their network people to check their 
firewall logs, to see if they can find a source, and plug it up, but of 
course that only stops it from the known source IP(s).


Any suggestions on what else can be done? Anything that I should pass on 
to the customer or to our webapp developers?


--
JHHL




Re: [EXTERNAL EMAIL] RE: The Import cannot be resolved

2024-06-24 Thread Niranjan Rao

You will have better luck if you open your own thread


Regards,

Niranjan

On 6/23/24 21:25, Shekhar Dhotre wrote:
> Hello Team,
> Is there any document or link that can point me to Tomcat and ldap integration?
> I googled and nothing came out except few videos which doesn’t show steps.
>
> We have IBM ldap and just installed openldap because we were not able to reset
> IBM ldap users password. How can I reset root/admin password in Ldap?
>
> Thanks
> SD