Details
-
Suggestion
-
Resolution: Won't Do
-
None
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
The TCP/IP level resulted in drop of a LDAP connection by a firewall. Jira sends a bindRequest() and fires all others into same. After the requests are done connection is not closed. The firewall closes this connections without telling Jira. Then Jira tries to resend but there is no connection.
— Below the failure —
2013-04-25 09:22:59,594 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = DC=Wirecard,DC=lan - filter = (&(&(objectCategory=Person)(memberOf=CN=Jira_Users,OU=Groups Application,OU=Munich,OU=Germany,DC=Wirecard,DC=lan)(sAMAccountName=*))(mail=local.admin.thomas.deiler)) 2013-04-25 09:22:59,600 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.ContextSourceTransactionManager] Creating new transaction with name [null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT 2013-04-25 09:22:59,603 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [ldap.core.support.AbstractContextSource] Got Ldap context on server 'ldap://ldapserver:389' 2013-04-25 09:22:59,604 http-bio-8080-exec-10 DEBUG anonymous 562x23051x1 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000
— then it worked —
2013-04-25 09:24:45,288 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = DC=Wirecard,DC=lan - filter = (&(&(objectCategory=Person)(memberOf=CN=Jira_Users,OU=Groups Application,OU=Munich,OU=Germany,DC=Wirecard,DC=lan)(sAMAccountName=*))(mail=local.admin.thomas.deiler)) 2013-04-25 09:24:45,289 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.ContextSourceTransactionManager] Creating new transaction with name [null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT 2013-04-25 09:24:45,301 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [ldap.core.support.AbstractContextSource] Got Ldap context on server 'ldap://ldapserver:389' 2013-04-25 09:24:45,301 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000 2013-04-25 09:24:45,302 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [springframework.ldap.core.LdapTemplate] PartialResultException encountered and ignored javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=Wirecard,DC=lan' 2013-04-25 09:24:45,305 http-bio-8080-exec-2 DEBUG anonymous 564x23052x2 ct3qh4 10.10.x.x /rest/gadget/1.0/login [transaction.compensating.manager.Transactio nAwareDirContextInvocationHandler] Leaving transactional context open
Many times it runs for the LDAP Sync into a timeout:
2013-04-25 10:49:26,520 QuartzWorker-0 ERROR ServiceRunner [atlassian.crowd.directory.MicrosoftActiveDirectory] Error looking up attributes for highestCommittedUSN org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:215) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793) at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:822) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$3.call(LdapTemplateWithClassLoaderWrapper.java:77) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.lookup(LdapTemplateWithClassLoaderWrapper.java:74) at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:288) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:641) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34) at org.quartz.core.JobRunShell.run(JobRunShell.java:195) at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/' at com.sun.jndi.ldap.Connection.readReply(Connection.java:466) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965) at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1914) at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1008)
We should have a timeout setting for the idle connection as we got for the database.
Attachments
Issue Links
- relates to
-
JRASERVER-34820 LDAP Synchronisation can fail unexpectedly due to mistiming in the "LDAP response read time out"
- Closed
-
JRACLOUD-32834 Timeout setting for LDAP connection in JIRA
- Closed