Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-32834

Timeout setting for LDAP connection in JIRA

    XMLWordPrintable

Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The TCP/IP level resulted in drop of a LDAP connection by a firewall. Jira sends a bindRequest() and fires all others into same. After the requests are done connection is not closed. The firewall closes this connections without telling Jira. Then Jira tries to resend but there is no connection.

      — Below the failure —

      2013-04-25 09:22:59,594 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = DC=Wirecard,DC=lan - filter = (&(&(objectCategory=Person)(memberOf=CN=Jira_Users,OU=Groups Application,OU=Munich,OU=Germany,DC=Wirecard,DC=lan)(sAMAccountName=*))(mail=local.admin.thomas.deiler))
2013-04-25 09:22:59,600 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.ContextSourceTransactionManager] Creating new transaction with name [null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT
2013-04-25 09:22:59,603 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [ldap.core.support.AbstractContextSource] Got Ldap context on server 'ldap://ldapserver:389'
2013-04-25 09:22:59,604 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000

      — then it worked —

      2013-04-25 09:24:45,288 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = DC=Wirecard,DC=lan - filter = (&(&(objectCategory=Person)(memberOf=CN=Jira_Users,OU=Groups Application,OU=Munich,OU=Germany,DC=Wirecard,DC=lan)(sAMAccountName=*))(mail=local.admin.thomas.deiler))
2013-04-25 09:24:45,289 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.ContextSourceTransactionManager] Creating new transaction with name [null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT
2013-04-25 09:24:45,301 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [ldap.core.support.AbstractContextSource] Got Ldap context on server 'ldap://ldapserver:389'
2013-04-25 09:24:45,301 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000
2013-04-25 09:24:45,302 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [springframework.ldap.core.LdapTemplate] PartialResultException encountered and ignored
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=Wirecard,DC=lan'
2013-04-25 09:24:45,305 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4
10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.Transactio
nAwareDirContextInvocationHandler] Leaving transactional context open

      Many times it runs for the LDAP Sync into a timeout:

      2013-04-25 10:49:26,520 QuartzWorker-0 ERROR ServiceRunner [atlassian.crowd.directory.MicrosoftActiveDirectory] Error looking up attributes for highestCommittedUSN
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:215)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:822)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$3.call(LdapTemplateWithClassLoaderWrapper.java:77)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.lookup(LdapTemplateWithClassLoaderWrapper.java:74)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:288)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:641)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/'
at com.sun.jndi.ldap.Connection.readReply(Connection.java:466)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1914)
at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1008)

      We should have a timeout setting for the idle connection as we got for the database.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-34820 LDAP Synchronisation can fail unexpectedly due to mistiming in the "LDAP response read time out"

          • Low - Low priority issues
          • Closed

          Suggestion - JRACLOUD-32834 Timeout setting for LDAP connection in JIRA

          • Closed

          Activity

            People

              Unassigned Unassigned
              ckimloong John Chin
              Votes:
              7 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: