  1. Crowd
  2. CWD-5959

Provide default values for timeouts in delegated LDAP directories


    Description

      LDAP directories provide UI fields and default values for certain connection properties, specifically:

      'ldap.connection.timeout'
      'ldap.search.timelimit'
      'ldap.read.timeout'
      

      These properties are not present in the delegated LDAP server, however, and there is no way to set them without making a database change. Consequently, if a connection or read request hangs, all authentication requests for that user are blocked waiting for it to resolve, which effectively renders the user inactive.
      When a new delegated LDAP directory is created, default values should be provided so this issue doesn't occur, and ideally some way to set them in the UI would also be useful (covered in

      Workaround
      If necessary, these values can be set manually in the database:

      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.connection.timeout', '120000');
      
      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.search.timelimit', '60000');
      
      INSERT INTO public.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (<directory_id>, 'ldap.read.timeout', '10000');
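
      An added example, not part of the original issue or Atlassian's own code: a PostgreSQL audit query that lists delegated directories still missing any of the three timeout attributes, followed by an insert that applies the workaround's values only where no row exists yet. The `cwd_directory` table, its `id`, `directory_name` and `directory_type` columns, and the `'DELEGATING'` type value are assumptions not shown on this page.

```sql
-- Assumption: public.cwd_directory (id, directory_name, directory_type) and the
-- 'DELEGATING' type value are not shown in the issue; verify against your schema.
-- The timeout values are the ones given in the workaround above.

-- 1. Audit: every delegated directory / timeout pair that has no row yet.
WITH required (attribute_name, attribute_value) AS (
    VALUES ('ldap.connection.timeout', '120000'),
           ('ldap.search.timelimit',   '60000'),
           ('ldap.read.timeout',       '10000')
)
SELECT d.id, d.directory_name, r.attribute_name AS missing_attribute
FROM public.cwd_directory d
CROSS JOIN required r
LEFT JOIN public.cwd_directory_attribute a
       ON a.directory_id = d.id
      AND a.attribute_name = r.attribute_name
WHERE d.directory_type = 'DELEGATING'
  AND a.directory_id IS NULL
ORDER BY d.id, r.attribute_name;

-- 2. Fix: insert only the missing pairs, so existing values are never
--    overwritten and the statement can be re-run safely.
BEGIN;

WITH required (attribute_name, attribute_value) AS (
    VALUES ('ldap.connection.timeout', '120000'),
           ('ldap.search.timelimit',   '60000'),
           ('ldap.read.timeout',       '10000')
)
INSERT INTO public.cwd_directory_attribute
       (directory_id, attribute_name, attribute_value)
SELECT d.id, r.attribute_name, r.attribute_value
FROM public.cwd_directory d
CROSS JOIN required r
WHERE d.directory_type = 'DELEGATING'
  AND NOT EXISTS (
        SELECT 1
        FROM public.cwd_directory_attribute a
        WHERE a.directory_id = d.id
          AND a.attribute_name = r.attribute_name
  );

COMMIT;
```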
      


            People

              Unassigned Unassigned
              mhenschke@atlassian.com Martin Henschke