tomcat-users mailing list archives

From Martin Knoblauch <>
Subject Re: Spurious "Internal Server Errors" accessing "jkmanager" after upgrading Apache, "mod_jk" and OpenSSL
Date Mon, 09 Jan 2017 14:01:53 GMT
Hi everyone,

 just in case the "final" solution is of interest: the problem was as usual
in the configuration. We did not set the following directive for the LDAP
connection pool:

LDAPConnectionPoolTTL #seconds

If the directive is missing, a value of "-1" is implied, meaning "keep
connections open for ever". The LDAP server on the other side sets an "idle
connection timeout" of 600 seconds. As a result a lookup would fail if it
happened 600+ seconds after the first usage of the connection. 600 seconds
is exactly the lifetime of the LDAP cache. Given the time of the year,
usage of the test/integ/devel environment is minimal and there were no
"new" lookups during the cache lifetime, leading to the repeated failures...


LDAPConnectionPoolTTL 60

solved the problem for good.

Happy New Year !!!

On Fri, Dec 30, 2016 at 12:33 AM, Christopher Schultz <> wrote:

> Martin,
> On 12/29/16 3:47 AM, Martin Knoblauch wrote:
> > that is an interesting pointer. We are of course securing the
> > "jkmanager" app. And guess what we are using: LDAP. The funky thing
> > is that it is working most of the time. It fails just after some
> > time. Refreshing the URL cures it again - for some time. What did
> > you do to fix your problem?
> I'm glad to see you are on your way to solving your problem.
> In my case, it was an expired TLS certificate being used for the
> OpenLDAP process or something similar, so it wasn't anything to do
> with httpd itself. I've also been experimenting with a fall-back for
> LDAP that maybe wouldn't be 100% up-to-date with the LDAP database,
> but at least it wouldn't cause 500 errors.
> Good luck,
> -chris

Martin Knoblauch
email: k n o b i AT knobisoft DOT de
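
The mismatch described in this message (no `LDAPConnectionPoolTTL`, so an implied "-1", against a 600-second idle timeout on the LDAP server) can be checked mechanically. The Python sketch below is an added example, not part of the original post or of Apache httpd; the function names and sample configs are constructed, and it assumes the whole config is in one string with the last occurrence of the directive taking effect (no `Include` or per-vhost handling).

```python
import re

# Unit suffixes mod_ldap accepts on this directive; a bare number is seconds.
UNITS = {"ms": 0.001, "s": 1, "min": 60, "h": 3600}
DIRECTIVE = re.compile(
    r"^[ \t]*LDAPConnectionPoolTTL[ \t]+(-?\d+)(ms|s|min|h)?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample configs: the state before and after the fix in the post.
BEFORE = "LDAPCacheTTL 600\n"
AFTER = "LDAPCacheTTL 600\nLDAPConnectionPoolTTL 60\n"


def effective_ttl(conf_text):
    """Return the pool TTL in seconds, or -1 (reuse forever) if unset/negative."""
    found = DIRECTIVE.findall(conf_text)
    if not found:
        return -1  # directive missing: httpd implies -1
    number, unit = found[-1]  # assumption: last occurrence wins
    value = int(number)
    return -1 if value < 0 else value * UNITS[unit.lower() or "s"]


def check(conf_text, server_idle_timeout):
    """Compare the pool TTL with the LDAP server's idle timeout (seconds)."""
    ttl = effective_ttl(conf_text)
    if ttl < 0:
        return False, "pooled connections never expire on the httpd side"
    if ttl == 0:
        return True, "connections are never kept in the pool"
    if ttl >= server_idle_timeout:
        return False, "TTL %gs is not below the server timeout" % ttl
    return True, "TTL %gs is below the server timeout" % ttl


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        ok, why = check(conf, 600)  # 600 s: the server timeout in the post
        print(name, "OK" if ok else "FAIL", why)
```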
