Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.2.2
-
7.02
-
37
-
Severity 3 - Minor
-
3
-
Description
Original description from JRA-41025
Expected Behavior
Pool LDAP connections over SSL (LDAPS) as performed when connecting over plain LDAP.
Actual Behavior
LDAPS connections are not pooled, requiring JIRA to renegotiate the connection every time. This leads to poor performance and could cause synchronization failures, as described on this KB article.
Steps to Reproduce
- Setup any directory server with a considerable amount of users and groups (no limit pattern has been detected up until now);
- Enable SSL for the connection;
- Synchronize;
Workaround for pooling connections over SSL
Add the below argument to JIRA's startup options.
-Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'
Workaround for improving synchronization time (when using Microsoft Active Directory Server)
Albeit this won't resolve the pooling connections problem, it can significantly improve the synchronization time:
- Edit the LDAP directory:
- On Use the User Membership Attribute, under Membership Schema Settings:
- Uncheck "When finding the members of a group";
- Check "When finding the user’s group membership";
- Save the configuration and synchronize the directory;
Attachments
Issue Links
- is a regression of
-
JRASERVER-41025 Pool SSL LDAP connections
- Closed
- is related to
-
- Closed
- mentioned in
-
Page Loading...
-
-
-
-
-
-