Confluence Data Center / CONFSERVER-79770

Confluence does not explicitly specify LDAP protocols for pooling


    • Type: Suggestion
    • Resolution: Won't Do
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Data Center. Using Confluence Cloud? See the corresponding suggestion.

      Atlassian Update - 8 February 2024

      Hi everyone,

      This is Kathleen from the Confluence team. Thank you for your interest in this suggestion.

      After reviewing this suggestion we have decided that we are unlikely to prioritise it for the foreseeable future. As such, we are closing this ticket to help reflect these priorities to customers.

      You can read more about how we prioritise what to implement here.

      To learn more about our recent investments in Confluence Data Center, please check our public roadmap and our dashboards containing recently resolved issues, and current work and future plans.

      Kind regards,
      Confluence Data Center

      The `com.sun.jndi.ldap.connect.pool.protocol` system property is not set explicitly by Confluence. This system property determines what protocols will be supported by the LDAP connection pool and defaults to `plain`, which only allows plaintext connections to be pooled.

      This may not necessarily cause issues in production installations of Confluence, as the initialization of the UserCache is performed very early during Confluence's startup and this initialization also applies the connection pool parameters set in the UI (`com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl#initialiseConnectionPoolSystemProperties(com.atlassian.crowd.model.application.Application)`). However, if an LDAP interaction resulting in creation of the JNDI connection pool were to occur before those settings were initialized, the pool would be created with the defaults (unless Confluence was started with non-standard system properties). This would cause a severe performance downgrade for instances which use LDAP with SSL.

      Even if this part of Confluence's startup is guaranteed to be executed earlier than the first LDAP interaction which could create a connection pool, a refactoring could change that assumption, introducing a hard-to-find performance regression.

      This is prevented in Crowd and Bitbucket Server/DC by specifying the connection pool system properties explicitly.

              Unassigned Unassigned
              ppetrowski Patryk
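
A startup guard that makes the pooled protocols explicit, as described in the issue above. This is an added example, not code from Confluence, Crowd or Bitbucket; the class name `LdapPoolDefaults` and the chosen values are assumptions for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper: pin JNDI LDAP pool settings before any LDAP context is created. */
public final class LdapPoolDefaults {
    private static final String PREFIX = "com.sun.jndi.ldap.connect.pool.";

    // Assumed values for illustration; tune them for the deployment.
    private static final Map<String, String> DEFAULTS = new LinkedHashMap<>();
    static {
        DEFAULTS.put(PREFIX + "protocol", "plain ssl");          // pool ldap:// and ldaps://
        DEFAULTS.put(PREFIX + "authentication", "none simple");  // JDK default, stated explicitly
        DEFAULTS.put(PREFIX + "timeout", "30000");               // idle ms before a pooled connection closes
    }

    private LdapPoolDefaults() {}

    /**
     * Sets each property only when it is not already defined (for example via -D),
     * and returns the entries that were applied. Call this before the first LDAP
     * interaction that could create the JNDI connection pool.
     */
    public static Map<String, String> apply() {
        Map<String, String> applied = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : DEFAULTS.entrySet()) {
            if (System.getProperty(e.getKey()) == null) {
                System.setProperty(e.getKey(), e.getValue());
                applied.put(e.getKey(), e.getValue());
            }
        }
        return applied;
    }

    /** True when TLS (ldaps://) connections are eligible for pooling. */
    public static boolean sslPooled() {
        String protocols = System.getProperty(PREFIX + "protocol", "plain");
        for (String p : protocols.trim().split("\\s+")) {
            if (p.equals("ssl")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        System.out.println("ssl pooled before: " + sslPooled());
        System.out.println("applied: " + apply());
        System.out.println("ssl pooled after: " + sslPooled());
    }
}
```

Because `apply()` leaves existing values alone, an operator who starts the JVM with `-Dcom.sun.jndi.ldap.connect.pool.protocol=plain` still gets an unpooled LDAPS setup; `sslPooled()` can be logged at startup to surface that case.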