Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/04/17 15:27:58 UTC

[jira] [Commented] (OAK-2783) Make LDAP connection pool 'testOnBorrow' configurable

    [ https://issues.apache.org/jira/browse/OAK-2783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14499818#comment-14499818 ] 

angela commented on OAK-2783:
-----------------------------

[~tripod], unless you merged your fix into the 1.2 branch, it will only go into the next release cut from trunk, which is the 1.3.0 release -> adjusted fix version accordingly.

> Make LDAP connection pool 'testOnBorrow' configurable
> -----------------------------------------------------
>
>                 Key: OAK-2783
>                 URL: https://issues.apache.org/jira/browse/OAK-2783
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: oak-auth-ldap
>    Affects Versions: 1.2
>            Reporter: Tobias Bocanegra
>            Assignee: Tobias Bocanegra
>            Priority: Minor
>             Fix For: 1.3.0
>
>
> Depending on the LDAP server configuration, it fails to connect as the server doesn't allow the connection validation query.
> It fails on 
> {quote}
> Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
> at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
> at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56)
> at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.connect(LdapIdentityProvider.java:532)
> ... 92 common frames omitted
> {quote}
> Based on the customer's analysis of the Oak code, this is the reason it fails:
> {quote}
> I think I have found a solution for the problem. While the system is initializing the connection it tries to validate the connection. This is the reason for the strange search request:
> SearchRequest
> baseDn : ''
> filter : '(objectClass=*)'
> scope : base object
> Because such kinds of requests are not allowed in the client's LDAP system, the connection is being rejected (as invalid). It is configurable whether the connection should be validated. The class org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider contains this code:
> if (config.getAdminPoolConfig().getMaxActive() != 0) {
>     adminPool = new LdapConnectionPool(adminConnectionFactory);
>     adminPool.setTestOnBorrow(true);
>     adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
>     adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
> }
> A solution for our problem would most probably be to change the connectionPool configuration: adminPool.setTestOnBorrow(false);
> Sadly, this parameter does not come from the identity provider configuration.
> Is there a way to change this parameter without creating our own implementation of the identity provider?
> {quote}
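
The borrow-time validation described in the issue, as an added example that is not Oak, commons-pool or Apache Directory code: a simplified pool model showing why a server that refuses the validation search makes every borrow fail, and what turning the check off gives up. All class and variable names are hypothetical, and the model throws on any failed validation instead of retrying with another idle object.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.NoSuchElementException;
import java.util.function.Predicate;

// Simplified model of a validating connection pool (hypothetical names throughout).
public class TestOnBorrowDemo {
    // Stand-in for an LDAP connection; open is false once the server has dropped it.
    static final class Conn { final boolean open; Conn(boolean open) { this.open = open; } }

    static final class Pool {
        private final Deque<Conn> idle = new ArrayDeque<>();
        private final Predicate<Conn> validator;
        private final boolean testOnBorrow; // taken from configuration, not hard-coded

        Pool(Predicate<Conn> validator, boolean testOnBorrow) {
            this.validator = validator;
            this.testOnBorrow = testOnBorrow;
        }

        void add(Conn c) { idle.push(c); }

        Conn borrow() {
            Conn c = idle.pop();
            if (testOnBorrow && !validator.test(c)) {
                throw new NoSuchElementException("Could not create a validated object, cause: ValidateObject failed");
            }
            return c;
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: the server refuses the validation search, so the check fails even on a healthy connection.
        Predicate<Conn> validationSearchRefused = c -> false;

        Pool strict = new Pool(validationSearchRefused, true);
        strict.add(new Conn(true));
        try {
            strict.borrow();
        } catch (NoSuchElementException e) {
            System.out.println("testOnBorrow=true : " + e.getMessage());
        }

        // With the check off, borrowing works, but a stale connection is handed out unchecked too.
        Pool relaxed = new Pool(validationSearchRefused, false);
        relaxed.add(new Conn(true));
        relaxed.add(new Conn(false)); // constructed stale connection
        System.out.println("testOnBorrow=false: open=" + relaxed.borrow().open);
        System.out.println("testOnBorrow=false: open=" + relaxed.borrow().open);
    }
}
```

With validation disabled, callers of the pool have to be prepared for a borrowed connection that is no longer usable.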


