  1. Crowd Data Center
  2. CWD-5959

Provide default values for timeouts in delegated LDAP directories


      LDAP directories provide a UI and default values for certain connection properties, specifically:

      'ldap.connection.timeout'
      'ldap.search.timelimit'
      'ldap.read.timeout'
      

      These properties are not present in the delegated LDAP server, however, and there is no way to set them without making a database change. Consequently, if a connection or read request hangs, all authentication requests for that user are blocked waiting for it to resolve, which effectively renders the user inactive.
      When a new delegated LDAP directory is created, default values should be provided so this issue doesn't occur, and ideally some way to set them in the UI would also be useful (covered in

      Workaround
      If necessary, these values can be set in the database manually:

      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.connection.timeout', '120000');
      
      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.search.timelimit', '60000');
      
      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.read.timeout', '10000');
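
An audit-then-apply variant of the workaround, added here as an example and not taken from the issue or from the product: it lists delegated directories that lack any of the three attributes, then inserts only the missing rows using the values above. It assumes PostgreSQL and a `cwd_directory` table with `id`, `directory_name` and `directory_type` columns in which delegated directories have the type `DELEGATING`; none of that is shown on this page.

```sql
-- Added example. Assumptions: PostgreSQL; public.cwd_directory has
-- id, directory_name, directory_type; delegated directories use 'DELEGATING'.

-- 1. Audit: which delegated directories are missing which timeout attribute?
WITH required (attribute_name, attribute_value) AS (
    VALUES ('ldap.connection.timeout', '120000'),
           ('ldap.search.timelimit',   '60000'),
           ('ldap.read.timeout',       '10000')
)
SELECT d.id AS directory_id, d.directory_name, r.attribute_name
FROM public.cwd_directory d
CROSS JOIN required r
LEFT JOIN public.cwd_directory_attribute a
       ON a.directory_id = d.id
      AND a.attribute_name = r.attribute_name
WHERE d.directory_type = 'DELEGATING'
  AND a.directory_id IS NULL          -- no row for this attribute yet
ORDER BY d.id, r.attribute_name;

-- 2. Apply: insert only the rows the audit reported, inside a transaction
--    so the affected row count can be checked before committing.
BEGIN;

WITH required (attribute_name, attribute_value) AS (
    VALUES ('ldap.connection.timeout', '120000'),
           ('ldap.search.timelimit',   '60000'),
           ('ldap.read.timeout',       '10000')
)
INSERT INTO public.cwd_directory_attribute
       (directory_id, attribute_name, attribute_value)
SELECT d.id, r.attribute_name, r.attribute_value
FROM public.cwd_directory d
CROSS JOIN required r
LEFT JOIN public.cwd_directory_attribute a
       ON a.directory_id = d.id
      AND a.attribute_name = r.attribute_name
WHERE d.directory_type = 'DELEGATING'
  AND a.directory_id IS NULL;

-- Compare the reported row count with the audit result, then:
COMMIT;   -- or ROLLBACK; if the count is not what the audit showed
```

Because existing rows are skipped, the statements can be re-run after new delegated directories are added without overwriting values an administrator has already tuned.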
      

            9cf8360ad6e8 Olga Svyryd (Inactive)
            mhenschke@atlassian.com Martin Henschke