Description of problem: LDAP security realm needs to have configurable timeouts. The default LDAP connection timeout appears to be 2 minutes. If the ldap server is down, it could take 2 minutes for the connection to timeout. This can cause unneeded delay if you have configured multiple ldap servers for failover / redundancy. The following hack appears to work: +++ domain-management/src/main/java/org/jboss/as/domain/management/connections/ldap/LdapConnectionManagerService.java @@ -132,6 +132,7 @@ public class LdapConnectionManagerService implements Service<LdapConnectionManag result.put(Context.INITIAL_CONTEXT_FACTORY,initialContextFactory); String url = config.require(URL).asString(); result.put(Context.PROVIDER_URL,url); + result.put("com.sun.jndi.ldap.connect.timeout", "500"); return result; }
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2214 This actually raises an interesting point to also consider - if we can detect that the first server was not used maybe for a short period of time we should re-order the server list to give a higher priority to the server we know does exist. As authentication also establishes a connection to the server to verify the password it would be beneficial to lower the priority of the missing server.
Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-2214 to Coding In Progress
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2214 Just changed the title to this one, going to add support for some additional environment properties to be set for the LDAP connection, things like timeouts are moving into an area that non-standard properties are now set - also there are additional non-standard properties would could potentially support so adding some generic support for properties will allow for those as well.
This is already merged upstream.
Verified on EAP 6.3.0.DR6.
Remove <programlisting> tags, change '<' to '<' and '>' to '>' to fix Bug 1096865