Question

We use JNDIRealm (Tomcat 6) for LDAP authentication. Maybe due to LDAP flakiness, one thread gets a lock on the JNDIRealm.authenticate method, causing a thread dump. To solve this, I added a CustomJNDIRealm class that extends JNDIRealm, as shown below:

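 package com.gop.it.msoft;

 import java.util.Hashtable;

 import org.apache.catalina.realm.JNDIRealm;

 public class CustomJNDIRealm extends JNDIRealm {
     // LDAP read timeout in milliseconds, taken from the readTimeout attribute of <Realm>
     protected String readTimeout;

     // Tomcat applies server.xml attributes through JavaBean setters
     public void setReadTimeout(String readTimeout) {
         this.readTimeout = readTimeout;
     }

     @Override
     protected Hashtable<String,String> getDirectoryContextEnvironment() {
         // Start from the parent's environment (connection URL, context factory, ...)
         // instead of an empty table, then add the read timeout on top
         Hashtable<String,String> env = super.getDirectoryContextEnvironment();
         if (readTimeout != null) env.put("com.sun.jndi.ldap.read.timeout", readTimeout);
         return env;
     }
 }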

Now, how do I configure it in Server.xml? By doing the below, I get a ClassNotFoundException. Please help.

<Realm allRolesMode="authOnly" className="com.gop.it.msoft.CustomJNDIRealm" connectionURL="ldaps://ldap.gop.com:636" referrals="follow" userPattern="uid={0},ou=People,o=gop.com" readTimeout="5000" userSubtree="false"/>

Thanks a bunch


Solution

The Realm implementation has to be available before the webapp is loaded. So, it has to be in a JAR file in Tomcat's lib directory. Putting it into the webapp's own WEB-INF/lib can't work.
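A way to check where the class actually ends up, as an added example that is not part of the original question or answer: the script scans a Tomcat directory and reports whether the Realm class sits in a JAR under lib or only inside a webapp. The function names, the JAR names (realm.jar, custom-realm.jar) and the webapp name (app) are hypothetical, and only the single directory passed in is checked.

```python
import tempfile
import zipfile
from pathlib import Path

def jars_containing(lib_dir, entry):
    """Return the JARs directly under lib_dir that contain the given entry."""
    hits = []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    hits.append(str(jar))
        except zipfile.BadZipFile:
            pass  # not a readable archive, so no class can load from it
    return hits

def diagnose_realm_class(catalina_home, class_name):
    """Classify where class_name is packaged relative to a Tomcat install.

    "ok": in a JAR under <home>/lib, available before webapps are loaded.
    "webapp-only": only under webapps/*/WEB-INF, too late for a <Realm>.
    "missing": not found in either place.
    """
    entry = class_name.replace(".", "/") + ".class"
    home = Path(catalina_home)
    server = jars_containing(home / "lib", entry)
    webapp = []
    for web_inf in sorted(home.glob("webapps/*/WEB-INF")):
        webapp += jars_containing(web_inf / "lib", entry)
        if (web_inf / "classes" / entry).is_file():
            webapp.append(str(web_inf / "classes" / entry))
    verdict = "ok" if server else ("webapp-only" if webapp else "missing")
    return verdict, server, webapp

def make_jar(path, entries):
    """Write a constructed sample JAR holding empty class-file entries."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")

if __name__ == "__main__":
    cls = "com.gop.it.msoft.CustomJNDIRealm"
    entry = cls.replace(".", "/") + ".class"
    with tempfile.TemporaryDirectory() as tmp:  # constructed Tomcat layout
        home = Path(tmp)
        make_jar(home / "webapps/app/WEB-INF/lib/realm.jar", [entry])
        print(diagnose_realm_class(home, cls))  # class only inside the webapp
        make_jar(home / "lib/custom-realm.jar", [entry])
        print(diagnose_realm_class(home, cls))  # class now in Tomcat's lib
```

A "webapp-only" verdict matches the situation in the question: the class exists, but only where the webapp's own class loader can see it.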

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow