This release of JBoss EAP 6 contains an enhancement that allows the use of custom properties on outbound LDAP connections.
In previous versions of the product, outbound LDAP connections were created with a limited set of properties leaving the remaining to the default behavior. As a result it was not possible for custom properties to be defined to control aspects such as connection and read timeouts.
In this release, custom properties can now be defined for the outbound LDAP connections with code similar to the following:
----
<ldap name="LocalLdap" url="ldap://localhost:10389" search-dn="uid=wildfly,dc=simple,dc=wildfly,dc=org" search-credential="password1!">
<properties>
<property name="one" value="two"/>
<property name="three" value="four"/>
</properties>
</ldap>
----
Description of problem:
LDAP security realm needs to have configurable timeouts.
The default LDAP connection timeout appears to be 2 minutes. If the ldap server is down, it could take 2 minutes for the connection to timeout. This can cause unneeded delay if you have configured multiple ldap servers for failover / redundancy.
The following hack appears to work:
+++ domain-management/src/main/java/org/jboss/as/domain/management/connections/ldap/LdapConnectionManagerService.java
@@ -132,6 +132,7 @@ public class LdapConnectionManagerService implements Service<LdapConnectionManag
result.put(Context.INITIAL_CONTEXT_FACTORY,initialContextFactory);
String url = config.require(URL).asString();
result.put(Context.PROVIDER_URL,url);
+ result.put("com.sun.jndi.ldap.connect.timeout", "500");
return result;
}
Comment 1JBoss JIRA Server
2013-10-04 09:42:39 UTC
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2214
This actually raises an interesting point to also consider - if we can detect that the first server was not used maybe for a short period of time we should re-order the server list to give a higher priority to the server we know does exist.
As authentication also establishes a connection to the server to verify the password it would be beneficial to lower the priority of the missing server.
Comment 4JBoss JIRA Server
2013-10-29 11:16:45 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-2214 to Coding In Progress
Comment 5JBoss JIRA Server
2013-10-29 13:33:08 UTC
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2214
Just changed the title to this one, going to add support for some additional environment properties to be set for the LDAP connection, things like timeouts are moving into an area that non-standard properties are now set - also there are additional non-standard properties would could potentially support so adding some generic support for properties will allow for those as well.
Comment 13Darran Lofthouse
2013-11-27 12:05:29 UTC
Description of problem: LDAP security realm needs to have configurable timeouts. The default LDAP connection timeout appears to be 2 minutes. If the ldap server is down, it could take 2 minutes for the connection to timeout. This can cause unneeded delay if you have configured multiple ldap servers for failover / redundancy. The following hack appears to work: +++ domain-management/src/main/java/org/jboss/as/domain/management/connections/ldap/LdapConnectionManagerService.java @@ -132,6 +132,7 @@ public class LdapConnectionManagerService implements Service<LdapConnectionManag result.put(Context.INITIAL_CONTEXT_FACTORY,initialContextFactory); String url = config.require(URL).asString(); result.put(Context.PROVIDER_URL,url); + result.put("com.sun.jndi.ldap.connect.timeout", "500"); return result; }