>> We are currently experiencing an issue with LDAP read timeouts not
>> corresponding with settings set in CAS....
>> Our CAS generated
>> LDAP search requests are always timing out at 2s as opposed to any other
>> value inserted for the "com.sun.jndi.ldap.read.timeout" attribute in our
>> deployerConfigContext.xml
>
>http://download.oracle.com/javase/tutorial/jndi/newstuff/readtimeout.html
>indicates this environment property is new for Java 6; are you on the
>right platform?  

Yes, we are on Java SE 6.

>The sure fire way to control the timeLimit on the
>SearchRequest operation is to use
>http://www.middleware.vt.edu/pubs/javase/6/docs/api/javax/naming/directory/SearchControls.html#setTimeLimit%28int%29.
> In CAS you can control that property by setting
>BindLdapAuthenticationHandler#setTimeout(int) accordingly.  See if
>that does what you need.

I wanted to stay away from changing code, but yes the setTimeout method
does work, but in a weird way... There's always 1s added to the timeout
value.

Mostly confused by the 2s (1s+1s) timeout, I began checking the code for a
2s default. It didn't exist, but I did note that both
"BindLdapAuthenticationHandler" &
"AbstractLdapPersonDirectoryCredentialsToPrincipalResolver" classes have
1s default timeouts.

Interesting, but I wanted to resolve the issue without code modifications.
Now on to checking our configuration...

Checking out the LDAP CAS docs over at:
https://wiki.jasig.org/display/CASUM/LDAP

We see potentially conflicting documentation, as we were using this method
to set timeouts:
https://wiki.jasig.org/display/CASUM/LDAP#LDAP-SetupLDAPbindandreadtimeouts

...and were not using the BindLdapAuthenticationHandler timeout option:
https://wiki.jasig.org/display/CASUM/LDAP#LDAP-BindLdapAuthenticationHandler

Once this was switched out, we are now able to successfully configure our
LDAP read timeout.

The odd part is that the abstract class' default timeout somehow affects
the BindLdapAuthenticationHandler's timeout, as it adds 1s to the timeout
set in the BindLdapAuthenticationHandler config. How this is happening
baffles me at the moment. For example, this setup gives us an LDAP read
timeout of 10s:

<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
 <property name="filter" value="uid=%u" />
 <property name="searchBase" value="ou=XXXX,dc=nau,dc=edu" />
 <property name="contextSource" ref="contextSource" />
 <property name="timeout" value="9000" />
</bean>

Should this be happening?

Could we look into reviewing this documentation?


Hope this helps someone down the line! ;)

-Ray Walker

>
>M
>
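To see which of the two limits discussed in this thread actually ends a stalled search, the following probe times a JNDI search against a listener that accepts the connection and never answers. It is an added example, not code from the thread or from CAS; the class name LdapTimeoutProbe, the loopback listener, the base DN, the filter and the 3000/5000 values are constructed, and 9000 mirrors the bean's timeout value.

```java
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

public class LdapTimeoutProbe {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a hung directory: accepts connections, never replies.
        final ServerSocket silent = new ServerSocket(0);
        final List<Socket> held = new ArrayList<Socket>(); // keep sockets open
        Thread acceptor = new Thread(new Runnable() {
            public void run() {
                try { while (true) held.add(silent.accept()); } catch (Exception e) { /* exit */ }
            }
        });
        acceptor.setDaemon(true);
        acceptor.start();

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:" + silent.getLocalPort());
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // ms to establish the connection
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // ms the client waits for a reply

        // Time limit carried in the search request itself (what the handler's
        // timeout property sets, per the reply quoted in this thread).
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setTimeLimit(9000);

        long start = System.currentTimeMillis();
        try {
            // hasMore() forces the provider to wait for the first response.
            new InitialDirContext(env).search("dc=example,dc=org", "(uid=probe)", controls).hasMore();
            System.out.println("search returned after " + (System.currentTimeMillis() - start) + " ms");
        } catch (NamingException e) {
            System.out.println("gave up after " + (System.currentTimeMillis() - start) + " ms: " + e);
        }
    }
}
```

Rerunning with different values for the read timeout and the time limit shows which setting governs the client-side wait on the JVM in use.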