You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2015/04/16 20:28:58 UTC

[jira] [Created] (OAK-2783) Make LDAP connection pool 'testOnBorrow' configurable

Tobias Bocanegra created OAK-2783:
-------------------------------------

             Summary: Make LDAP connection pool 'testOnBorrow' configurable
                 Key: OAK-2783
                 URL: https://issues.apache.org/jira/browse/OAK-2783
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.2
            Reporter: Tobias Bocanegra
            Assignee: Tobias Bocanegra
            Priority: Minor
             Fix For: 1.2.1


Depending of the LDAP server configuration, it fails to connect as the server doesn't allow the connection validation query.

It fails on 
{quote}
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56)
at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.connect(LdapIdentityProvider.java:532)
... 92 common frames omitted
{quote}

Based on customer analyze of Oak code this is the reason it fails:

{quote}
 	I think I have found a solution for the problem. While the system is initializing the connection it tries to validate the connection. This is the reason for the strange search request:

SearchRequest
baseDn : ''
filter : '(objectClass=*)'
scope : base object

Because such kind of requests are not allowed in the client's ldap system the connection is being rejected (as invalid). It is configurable if the connection should be validated. The class org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider contains this code

if (config.getAdminPoolConfig().getMaxActive() != 0) {
adminPool = new LdapConnectionPool(adminConnectionFactory);
adminPool.setTestOnBorrow(true);
adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
}

A solution for our Problem would most probably be to change the connectionPool configuration adminPool.setTestOnBorrow(false);
This Parameter comes sadly not from the identity provider configuration.

Is there a way to change this this parameter without creating an own implementation of the identity provider?
{quote}





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)