morrySnow commented on code in PR #61673:
URL: https://github.com/apache/doris/pull/61673#discussion_r2986985730
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java:
##########
@@ -66,19 +67,25 @@ public AuthenticateResponse
authenticate(AuthenticateRequest request) throws IOE
return AuthenticateResponse.failedResponse;
}
ClearPassword clearPassword = (ClearPassword) password;
- return internalAuthenticate(clearPassword.getPassword(),
request.getUserName(), request.getRemoteIp());
+ AuthenticateResponse response =
internalAuthenticate(clearPassword.getPassword(),
+ request.getUserName(), request.getRemoteIp());
+ long elapsed = System.currentTimeMillis() - start;
+ LOG.info("[LDAP-AUTH] LdapAuthenticator.authenticate: user={},
success={}, elapsed={}ms",
Review Comment:
remove prefix `[LDAP-AUTH]`, debug is enough?
##########
fe/fe-common/src/main/java/org/apache/doris/common/LdapConfig.java:
##########
@@ -87,7 +87,36 @@ public class LdapConfig extends ConfigBase {
public static long ldap_cache_timeout_day = 30;
/**
- * LDAP pool configuration:
+ * LDAP read timeout in milliseconds.
+ * Controls the maximum time to wait for an LDAP response after a request
is sent.
+ * Uses JNDI property "com.sun.jndi.ldap.read.timeout".
+ * Set to 0 for no timeout (not recommended). Default 5000ms.
+ */
+ @ConfigBase.ConfField(mutable = true)
+ public static int ldap_read_timeout_ms = 5000;
+
+ /**
+ * LDAP connect timeout in milliseconds.
+ * Controls the maximum time to wait for establishing a TCP connection to
the LDAP server.
+ * Uses JNDI property "com.sun.jndi.ldap.connect.timeout".
+ * Set to 0 for no timeout (not recommended). Default 5000ms.
+ */
+ @ConfigBase.ConfField(mutable = true)
+ public static int ldap_connect_timeout_ms = 5000;
+
+ /**
+ * Whether to use connection pooling for LDAP search operations.
+ * When true (default), uses Spring PoolingContextSource with ldap_pool_*
settings.
+ * When false, each LDAP search creates a fresh connection, avoiding dead
connection
+ * detection cost (testOnBorrow can burn read_timeout discovering stale
connections
+ * killed by firewalls/NAT idle timeout). Recommended to set false if
experiencing
+ * intermittent ~5s LDAP search latency spikes.
+ */
+ @ConfigBase.ConfField(mutable = true)
Review Comment:
mutable? i think it should be immutable
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
