Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-2494

LDAP Synchronisation can fail unexpectedly due to mistiming in the "LDAP response read time out"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Tracked Elsewhere
    • Icon: Medium Medium
    • None
    • None
    • None
    • None

      In attached log you can see a synchronisation start at 2011-06-01 15:42:59,076 and "time-out" for 120 second timeout at 2011-06-01 15:43:15,739

      Bug description

      In this bug, a read timeout exception is thrown before the timeout has passed. In the log snippet below, read timeout exception was thrown only around 300 milliseconds after last successful LDAP operation:

      2011-06-01 15:43:15,400 QuartzWorker-1 INFO ServiceRunner     [directory.ldap.cache.AbstractCacheRefresher] found [ 210 ] remote user-group memberships in [ 317ms ]
2011-06-01 15:43:15,715 QuartzWorker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 16639ms ]
2011-06-01 15:43:15,739 QuartzWorker-1 ERROR ServiceRunner     [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name 'cn=c-user-1593,ou=childou-c-2000users,ou=loadtesting10k,o=sgi,c=us'

      Cause

      This bug is triggered randomly in some environments, when the Read Timeout field in LDAP directory properties has been set to non-zero value.

      This bug is caused by a known bug (#6968459) affecting Java SE.

      Workaround

      Normally these exceptions can be safely ignored as the synchronisation is self-correcting. That is, problems encountered in one synchronisation round will get fixed in the following synchronisation round.

      If the synchronisation fails to complete successfully repeatedly, a known workaround is to disable read timeout by setting the Read Timeout field in LDAP directory properties to 0. A side-effect of this change is that Crowd will not be able to recover automatically from LDAP requests that take too long to run, which might cause Crowd to stop communicating with LDAP directories until it is restarted.

        1. ldap.log
          452 kB

          Form Name

            [CWD-2494] LDAP Synchronisation can fail unexpectedly due to mistiming in the "LDAP response read time out"

            Marcin Kempa made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 454290 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1509486 ] New: JAC Bug Workflow v3 [ 3365560 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            vkharisma made changes -
            Link New: This issue was cloned as JRACLOUD-34820 [ JRACLOUD-34820 ]
            vkharisma made changes -
            Link New: This issue causes CONFCLOUD-24460 [ CONFCLOUD-24460 ]
            Owen made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1391532 ] New: Simplified Crowd Development Workflow v2 - restricted [ 1509486 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 295880 ] New: Simplified Crowd Development Workflow v2 [ 1391532 ]

            joe added a comment -

            The fix for this issue (JDK-7011441) is present in:

            • JDK 8u60 (1.8.0_60-b27)

            If you're running into this, please upgrade your JVM to pick up the fix.

            (It's also fixed in 7u91 and 6u101, which are not publically available, but which may be available under a support contract.)

            joe added a comment - The fix for this issue ( JDK-7011441 ) is present in: JDK 8u60 (1.8.0_60-b27) If you're running into this, please upgrade your JVM to pick up the fix. (It's also fixed in 7u91 and 6u101, which are not publically available, but which may be available under a support contract.)

            joe added a comment -

            JDK-7011441 has now been resolved in the JDK project, and the fix backported to a number of stable branches. This will likely arrive in an upcoming public Oracle release of the JDK.

            joe added a comment - JDK-7011441 has now been resolved in the JDK project, and the fix backported to a number of stable branches. This will likely arrive in an upcoming public Oracle release of the JDK.
            joe made changes -
            Link New: This issue is related to CWD-4272 [ CWD-4272 ]

            Sorin Sbarnea (Citrix) added a comment -

            I am sure that a company like Atlassian that has most if not all products based on Java, does have a support contract with Oracle, which allows you to get help from Oracle on fixing a bug like this.

            Another alternative is to switch no another LDAP client library: http://stackoverflow.com/questions/389746/ldap-java-library

            Sorin Sbarnea (Citrix) added a comment - I am sure that a company like Atlassian that has most if not all products based on Java, does have a support contract with Oracle, which allows you to get help from Oracle on fixing a bug like this. Another alternative is to switch no another LDAP client library: http://stackoverflow.com/questions/389746/ldap-java-library

              Unassigned Unassigned
              mlassau Mark Lassau (Inactive)
              Affected customers:
              10 This affects my team
              Watchers:
              17 Start watching this issue

                Created:
                Updated:
                Resolved: