Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36041

default ldap timeouts are inappropriate

    XMLWordPrintable

Details

    Description

      when com.sun.jndi.ldap.read.timeout and com.sun.jndi.ldap.connect.timeout are not set the plugin uses the system defaults which are in appropriate. If not set the plugin should set them to something appropriate.

      Attachments

        Issue Links

          Activity

            teilo James Nord created issue -
            teilo James Nord made changes -
            Field Original Value New Value
            Issue Type New Feature [ 2 ] Bug [ 1 ]
            fbelzunc Félix Belzunce Arcos made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 172684 ] JNJira + In-Review [ 185795 ]
            batmat Baptiste Mathus added a comment - - edited

            This issue is listed as fixed through 1.48 changelog, though still unresolved, is this true?
            Gonna check the commits.

            batmat Baptiste Mathus added a comment - - edited This issue is listed as fixed through 1.48 changelog, though still unresolved, is this true? Gonna check the commits.
            batmat Baptiste Mathus added a comment - At least https://github.com/jenkinsci/active-directory-plugin/commit/d8495d702d4e526d76d3b700744db86bb0a84eb3
            batmat Baptiste Mathus made changes -
            Status In Progress [ 3 ] Open [ 1 ]

            Released in 1.48

            batmat Baptiste Mathus added a comment - Released in 1.48
            batmat Baptiste Mathus made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]

            For reference, now with that change:

             /**
                 * Timeout if no connection after 30 seconds
                */
                private final static String DEFAULT_LDAP_CONNECTION_TIMEOUT = "30000";
                /**
                 * Timeout if no response after 60 seconds
                 */
                private final static String DEFAULT_LDAP_READ_TIMEOUT = "60000";
            
            batmat Baptiste Mathus added a comment - For reference, now with that change: /** * Timeout if no connection after 30 seconds */ private final static String DEFAULT_LDAP_CONNECTION_TIMEOUT = "30000" ; /** * Timeout if no response after 60 seconds */ private final static String DEFAULT_LDAP_READ_TIMEOUT = "60000" ;
            teilo James Nord added a comment -

            Issue is not yet fixed.

            The connection timeout can not be used due to an Oracle JDK bug.

            teilo James Nord added a comment - Issue is not yet fixed. The connection timeout can not be used due to an Oracle JDK bug.
            teilo James Nord made changes -
            Resolution Fixed [ 1 ]
            Status Resolved [ 5 ] Reopened [ 4 ]
            recampbell Ryan Campbell made changes -
            Assignee Félix Belzunce Arcos [ fbelzunc ]
            recampbell Ryan Campbell added a comment -

            teilo seems like we need some context or reference for your comment.

            recampbell Ryan Campbell added a comment - teilo seems like we need some context or reference for your comment.
            teilo James Nord added a comment - It's all in the PR. Direct link https://github.com/jenkinsci/active-directory-plugin/pull/37/commits/a037bde7e17fdfc9286644cd7a905f7b8e398ed2
            teilo James Nord added a comment -

            Not use for the moment DEFAULT_LDAP_CONNECTION_TIMEOUT since JDK-8139721, JDK-8139942 breaks the plugin usage

            teilo James Nord added a comment - Not use for the moment DEFAULT_LDAP_CONNECTION_TIMEOUT since JDK-8139721, JDK-8139942 breaks the plugin usage
            batmat Baptiste Mathus made changes -
            Summary default ldap timeouts are innapropriate. default ldap timeouts are inappropriate
            teilo James Nord added a comment -

            [https://bugs.openjdk.java.net/browse/JDK-8139721 | JDK-8139721]

            However the workaround seems not to work...

            teilo James Nord added a comment - [https://bugs.openjdk.java.net/browse/JDK-8139721 | JDK-8139721] However the workaround seems not to work...
            fbelzunc Félix Belzunce Arcos made changes -
            Assignee Félix Belzunce Arcos [ fbelzunc ]
            fbelzunc Félix Belzunce Arcos made changes -
            Status Reopened [ 4 ] Open [ 1 ]
            fbelzunc Félix Belzunce Arcos made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            recampbell Ryan Campbell made changes -
            Assignee Félix Belzunce Arcos [ fbelzunc ]
            recampbell Ryan Campbell made changes -
            Status In Progress [ 3 ] Open [ 1 ]

            The issue seems to be
            https://github.com/jenkinsci/active-directory-plugin/blob/active-directory-2.0/src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java#L572 specifically because the property should not be added if the connection is not running through SSL. Once you correctly handle this, DEFAULT_LDAP_CONNECTION_TIMEOUT seems to work. I am working on a fix.

            newProps.put("java.naming.ldap.factory.socket",TrustAllSocketFactory.class.getName());
            
            fbelzunc Félix Belzunce Arcos added a comment - The issue seems to be https://github.com/jenkinsci/active-directory-plugin/blob/active-directory-2.0/src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java#L572 specifically because the property should not be added if the connection is not running through SSL. Once you correctly handle this, DEFAULT_LDAP_CONNECTION_TIMEOUT seems to work. I am working on a fix. newProps.put( "java.naming.ldap.factory.socket" ,TrustAllSocketFactory. class. getName());
            fbelzunc Félix Belzunce Arcos made changes -
            Assignee Félix Belzunce Arcos [ fbelzunc ]
            fbelzunc Félix Belzunce Arcos made changes -
            Status Open [ 1 ] In Progress [ 3 ]

            Code changed in jenkins
            User: Félix Belzunce Arcos
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/7b68679b4425ae12700ed2b0dd3ec0df16f91343
            Log:
            JENKINS-36041 Enable com.sun.jndi.ldap.connect.timeout

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Félix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/7b68679b4425ae12700ed2b0dd3ec0df16f91343 Log: JENKINS-36041 Enable com.sun.jndi.ldap.connect.timeout

            Code changed in jenkins
            User: Felix Belzunce Arcos
            Path:
            src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
            src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
            http://jenkins-ci.org/commit/active-directory-plugin/f80f9555dbe17d61bd4e310e996cd95ee90fad1a
            Log:
            Merge pull request #62 from fbelzunc/JENKINS-36041-v4

            [FIXED JENKINS-36041 JENKINS-25269] Enable com.sun.jndi.ldap.connect.timeout

            Compare: https://github.com/jenkinsci/active-directory-plugin/compare/95effde74165...f80f9555dbe1

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Felix Belzunce Arcos Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/f80f9555dbe17d61bd4e310e996cd95ee90fad1a Log: Merge pull request #62 from fbelzunc/ JENKINS-36041 -v4 [FIXED JENKINS-36041 JENKINS-25269] Enable com.sun.jndi.ldap.connect.timeout Compare: https://github.com/jenkinsci/active-directory-plugin/compare/95effde74165...f80f9555dbe1

            Will be released in version 2.1

            fbelzunc Félix Belzunce Arcos added a comment - Will be released in version 2.1
            fbelzunc Félix Belzunce Arcos made changes -
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Resolved [ 5 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal OSS-1092 (Web Link)" [ 18778 ]

            People

              fbelzunc Félix Belzunce Arcos
              teilo James Nord
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: