Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Directory - Internal/Delegated
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

LDAP provides UI and default values to set certain connection properties, specifically:

'ldap.connection.timeout'
'ldap.search.timelimit'
'ldap.read.timeout'

These properties are not present in the delegated LDAP server however, and there is no way to set them without making a database change. Consequently, if a connection or read request hangs, all authentication requets for that user are blocked waiting for it to resolve which effectively renders the user inactive.
Upon creating new delegated LDAPs, default values should be provided so this issue doesn't occur, and ideally some way to set it in UI would also be useful (covered in

Workaround
These values can if necessary be set in DB manually:

INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.connection.timeout', '120000');

INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.search.timelimit', '60000');

INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.read.timeout', '10000');

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

relates to: KRAK-5275 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Martin Henschke

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Jul/2023 11:44 PM

Updated:: 11/Sep/2023 7:58 AM