You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2018/11/10 15:37:00 UTC

[jira] [Comment Edited] (DIRSTUDIO-1197) Connection Network check fails when using the LDAP API

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16682472#comment-16682472 ] 

Emmanuel Lecharny edited comment on DIRSTUDIO-1197 at 11/10/18 3:36 PM:
------------------------------------------------------------------------

The failure is due to a change made in M14: the timeout is set when it wasn't in the previous version, except that the value is {{30}}, when it should be {{30000}}. 30ms is way to short to have the connection established, except if the server is local. Clearly, the fact that the timeout is in milliseconds instead of being in seconds is confusing. I do think we should always set it in seconds (it makes no sense to set it in sub-second fraction), even if we convert it to milliseconds internally.

Here is the root cause, in {{AbstractConnectionParameterPage.java}} :

{code:java}
    private Connection getTestConnection()
    {
        ConnectionParameter connectionParameter = new ConnectionParameter( null, getHostName(), getPort(),
            getEncyrptionMethod(),
            getNetworkProvider(), ConnectionParameter.AuthenticationMethod.NONE, null, null, null, true, null, 30 ); <<---- Here

        return new Connection( connectionParameter );
    }
{code}

I have no idea why this value has been introduced, and I can't find who did it (well, it does not really matter either, just wanted to get a bit of history). 


was (Author: elecharny):
The failure is due to a change made in M14: the timeout is set when it wasn't in the previous version, except that the value is {{30}}, when it should be {{30000}}. Clearly, the fact that the timeout is in milliseconds instead of being in seconds is confusing. I do think we should always set it in seconds (it makes no sense to set it in sub-second fraction), even if we convert it to milliseconds internally.

Here is the root cause, in {{AbstractConnectionParameterPage.java}} :

{code:java}
    private Connection getTestConnection()
    {
        ConnectionParameter connectionParameter = new ConnectionParameter( null, getHostName(), getPort(),
            getEncyrptionMethod(),
            getNetworkProvider(), ConnectionParameter.AuthenticationMethod.NONE, null, null, null, true, null, 30 ); <<---- Here

        return new Connection( connectionParameter );
    }
{code}

I have no idea why this value has been introduced, and I can't find who did it (well, it does not really matter either, just wanted to get a bit of history). 

> Connection Network check fails when using the LDAP API
> ------------------------------------------------------
>
>                 Key: DIRSTUDIO-1197
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1197
>             Project: Directory Studio
>          Issue Type: Bug
>          Components: studio-connection
>    Affects Versions: 2.0.0-M14
>            Reporter: Emmanuel Lecharny
>            Priority: Major
>
> When trying to check a network connection using SSL, with the LDAP API, we get an Handshake exception:
> {noformat}
> The connection failed
>  - ERR_04122_SSL_CONTEXT_INIT_FAILURE Failed to initialize the SSL context
>   org.apache.directory.api.ldap.model.exception.LdapException: ERR_04122_SSL_CONTEXT_INIT_FAILURE Failed to initialize the SSL context
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:695)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$1.run(DirectoryApiConnectionWrapper.java:247)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1312)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doConnect(DirectoryApiConnectionWrapper.java:281)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.connect(DirectoryApiConnectionWrapper.java:172)
> 	at org.apache.directory.studio.connection.core.jobs.CheckNetworkParameterRunnable.run(CheckNetworkParameterRunnable.java:80)
> 	at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:140)
> 	at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
> Caused by: org.apache.directory.api.ldap.model.exception.LdapOperationException: ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:688)
> 	... 7 more
>   ERR_04122_SSL_CONTEXT_INIT_FAILURE Failed to initialize the SSL context
> {noformat}
> I'm using java {{1.8.0_171}} on Mac OSX.
> The thing is that checking networking connection using {{JNDI}} just works. 
> Even weirder is that if I check the authentication, I get the connection working just fine.
> There is something fishy in the connection check...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)