Details
Suggestion
Resolution: Unresolved
Description
LDAP provides UI and default values to set certain connection properties, specifically:
'ldap.connection.timeout', 'ldap.search.timelimit', 'ldap.read.timeout'
These properties are not present in the delegated LDAP server configuration, however, and there is no way to set them without making a database change. Consequently, if a connection or read request hangs, all authentication requests for that user are blocked waiting for it to resolve, which effectively renders the user inactive.
Upon creating new delegated LDAPs, default values should be provided so this issue doesn't occur, and ideally some way to set it in UI would also be useful (covered in
Workaround
If necessary, these values can be set manually in the DB:
INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.connection.timeout', '120000');
INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.search.timelimit', '60000');
INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.read.timeout', '10000');
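The workaround above needs a known directory_id and assumes the three attributes are absent. The following is an added example (not part of this issue or the product's own tooling) that first audits every delegated directory for missing timeout attributes and then inserts only the missing rows, so it is safe to re-run. It assumes that cwd_directory has columns id, directory_name and directory_type, that delegated LDAP directories carry directory_type = 'DELEGATING', and that the attribute values are milliseconds, in line with the magnitudes used in the workaround; the values themselves are the ones from the workaround.

```sql
-- Added example, not from the original issue. Assumed schema details:
-- public.cwd_directory(id, directory_name, directory_type), with
-- directory_type = 'DELEGATING' for delegated LDAP directories, and
-- public.cwd_directory_attribute keyed on (directory_id, attribute_name).
-- Timeout values are taken from the workaround and assumed to be milliseconds.

-- 1. Audit: one row per (delegated directory, missing timeout attribute).
SELECT d.id, d.directory_name, want.attribute_name
FROM public.cwd_directory AS d
CROSS JOIN (VALUES ('ldap.connection.timeout'),
                   ('ldap.search.timelimit'),
                   ('ldap.read.timeout')) AS want(attribute_name)
LEFT JOIN public.cwd_directory_attribute AS a
       ON a.directory_id = d.id
      AND a.attribute_name = want.attribute_name
WHERE d.directory_type = 'DELEGATING'
  AND a.directory_id IS NULL
ORDER BY d.id, want.attribute_name;

-- 2. Fix: insert only the attributes that are missing. Re-running is harmless,
-- and directories that already have an explicit timeout keep their value
-- (an unconditional INSERT would either duplicate or, with a unique key on
-- (directory_id, attribute_name), fail for those directories).
INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value)
SELECT d.id, want.attribute_name, want.attribute_value
FROM public.cwd_directory AS d
CROSS JOIN (VALUES ('ldap.connection.timeout', '120000'),
                   ('ldap.search.timelimit',  '60000'),
                   ('ldap.read.timeout',      '10000')) AS want(attribute_name, attribute_value)
WHERE d.directory_type = 'DELEGATING'
  AND NOT EXISTS (
        SELECT 1
        FROM public.cwd_directory_attribute AS a
        WHERE a.directory_id = d.id
          AND a.attribute_name = want.attribute_name);

-- 3. Verify: the audit query should now return no rows.
```

Run the audit query first and keep its output; it doubles as the record of which directories were changed. The VALUES-in-FROM form is PostgreSQL syntax (the workaround uses the public schema, so PostgreSQL is assumed here); on other databases replace it with an equivalent inline table. As with any direct change to directory configuration in the database, restart the application afterwards so the cached directory settings are reloaded.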