[JENKINS-36041] default ldap timeouts are inappropriate

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: active-directory-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

when com.sun.jndi.ldap.read.timeout and com.sun.jndi.ldap.connect.timeout are not set the plugin uses the system defaults which are in appropriate. If not set the plugin should set them to something appropriate.

links to

CloudBees Internal OSS-1092

Baptiste Mathus added a comment - 2016-09-20 09:12

For reference, now with that change:

 /**
     * Timeout if no connection after 30 seconds
    */
    private final static String DEFAULT_LDAP_CONNECTION_TIMEOUT = "30000";
    /**
     * Timeout if no response after 60 seconds
     */
    private final static String DEFAULT_LDAP_READ_TIMEOUT = "60000";

Baptiste Mathus added a comment - 2016-09-20 09:12 For reference, now with that change: /** * Timeout if no connection after 30 seconds */ private final static String DEFAULT_LDAP_CONNECTION_TIMEOUT = "30000" ; /** * Timeout if no response after 60 seconds */ private final static String DEFAULT_LDAP_READ_TIMEOUT = "60000" ;

James Nord added a comment - 2016-09-20 12:27

Issue is not yet fixed.

The connection timeout can not be used due to an Oracle JDK bug.

James Nord added a comment - 2016-09-20 12:27 Issue is not yet fixed. The connection timeout can not be used due to an Oracle JDK bug.

Ryan Campbell added a comment - 2016-10-05 22:24

teilo seems like we need some context or reference for your comment.

Ryan Campbell added a comment - 2016-10-05 22:24 teilo seems like we need some context or reference for your comment.

James Nord added a comment - 2016-10-06 08:20

It's all in the PR.
Direct link https://github.com/jenkinsci/active-directory-plugin/pull/37/commits/a037bde7e17fdfc9286644cd7a905f7b8e398ed2

James Nord added a comment - 2016-10-06 08:20 It's all in the PR. Direct link https://github.com/jenkinsci/active-directory-plugin/pull/37/commits/a037bde7e17fdfc9286644cd7a905f7b8e398ed2

James Nord added a comment - 2016-10-06 08:22

Not use for the moment DEFAULT_LDAP_CONNECTION_TIMEOUT since JDK-8139721, JDK-8139942 breaks the plugin usage

James Nord added a comment - 2016-10-06 08:22 Not use for the moment DEFAULT_LDAP_CONNECTION_TIMEOUT since JDK-8139721, JDK-8139942 breaks the plugin usage

James Nord added a comment - 2016-10-06 09:42

[https://bugs.openjdk.java.net/browse/JDK-8139721 | JDK-8139721]

However the workaround seems not to work...

James Nord added a comment - 2016-10-06 09:42 [https://bugs.openjdk.java.net/browse/JDK-8139721 | JDK-8139721] However the workaround seems not to work...

Félix Belzunce Arcos added a comment - 2017-02-23 15:53

The issue seems to be
https://github.com/jenkinsci/active-directory-plugin/blob/active-directory-2.0/src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java#L572 specifically because the property should not be added if the connection is not running through SSL. Once you correctly handle this, DEFAULT_LDAP_CONNECTION_TIMEOUT seems to work. I am working on a fix.

newProps.put("java.naming.ldap.factory.socket",TrustAllSocketFactory.class.getName());

Félix Belzunce Arcos added a comment - 2017-02-23 15:53 The issue seems to be https://github.com/jenkinsci/active-directory-plugin/blob/active-directory-2.0/src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java#L572 specifically because the property should not be added if the connection is not running through SSL. Once you correctly handle this, DEFAULT_LDAP_CONNECTION_TIMEOUT seems to work. I am working on a fix. newProps.put( "java.naming.ldap.factory.socket" ,TrustAllSocketFactory. class. getName());

SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Code changed in jenkins
User: Félix Belzunce Arcos
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/7b68679b4425ae12700ed2b0dd3ec0df16f91343
Log:
~~JENKINS-36041~~ Enable com.sun.jndi.ldap.connect.timeout

SCM/JIRA link daemon added a comment - 2017-03-03 10:10 Code changed in jenkins User: Félix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/7b68679b4425ae12700ed2b0dd3ec0df16f91343 Log: JENKINS-36041 Enable com.sun.jndi.ldap.connect.timeout

SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Code changed in jenkins
User: Felix Belzunce Arcos
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/f80f9555dbe17d61bd4e310e996cd95ee90fad1a
Log:
Merge pull request #62 from fbelzunc/~~JENKINS-36041~~-v4

[FIXED JENKINS-36041 JENKINS-25269] Enable com.sun.jndi.ldap.connect.timeout

Compare: https://github.com/jenkinsci/active-directory-plugin/compare/95effde74165...f80f9555dbe1

SCM/JIRA link daemon added a comment - 2017-03-03 10:10 Code changed in jenkins User: Felix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/f80f9555dbe17d61bd4e310e996cd95ee90fad1a Log: Merge pull request #62 from fbelzunc/ JENKINS-36041 -v4 [FIXED JENKINS-36041 JENKINS-25269] Enable com.sun.jndi.ldap.connect.timeout Compare: https://github.com/jenkinsci/active-directory-plugin/compare/95effde74165...f80f9555dbe1

Félix Belzunce Arcos added a comment - 2017-03-03 10:25

Will be released in version 2.1

Félix Belzunce Arcos added a comment - 2017-03-03 10:25 Will be released in version 2.1

Assignee:: Félix Belzunce Arcos

Reporter:: James Nord

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2016-06-17 13:03

Updated:: 2017-12-05 05:50

Resolved:: 2017-03-03 10:25

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Baptiste Mathus added a comment - 2016-09-20 09:12

Expand comment: Baptiste Mathus added a comment - 2016-09-20 09:12

Collapse comment: James Nord added a comment - 2016-09-20 12:27

Expand comment: James Nord added a comment - 2016-09-20 12:27

Collapse comment: Ryan Campbell added a comment - 2016-10-05 22:24

Expand comment: Ryan Campbell added a comment - 2016-10-05 22:24

Collapse comment: James Nord added a comment - 2016-10-06 08:20

Expand comment: James Nord added a comment - 2016-10-06 08:20

Collapse comment: James Nord added a comment - 2016-10-06 08:22

Expand comment: James Nord added a comment - 2016-10-06 08:22

Collapse comment: James Nord added a comment - 2016-10-06 09:42

Expand comment: James Nord added a comment - 2016-10-06 09:42

Collapse comment: Félix Belzunce Arcos added a comment - 2017-02-23 15:53

Expand comment: Félix Belzunce Arcos added a comment - 2017-02-23 15:53

Collapse comment: SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Expand comment: SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Collapse comment: SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Expand comment: SCM/JIRA link daemon added a comment - 2017-03-03 10:10

Collapse comment: Félix Belzunce Arcos added a comment - 2017-03-03 10:25

Expand comment: Félix Belzunce Arcos added a comment - 2017-03-03 10:25

People

Dates