[ https://issues.apache.org/jira/browse/OAK-2783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Davide Giannella closed OAK-2783.
---------------------------------
Bulk close for 1.0.14
> Make LDAP connection pool 'testOnBorrow' configurable
> -----------------------------------------------------
>
> Key: OAK-2783
> URL: https://issues.apache.org/jira/browse/OAK-2783
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-ldap
> Affects Versions: 1.2
> Reporter: Tobias Bocanegra
> Assignee: Tobias Bocanegra
> Priority: Minor
> Labels: docs-impacting, resilience
> Fix For: 1.3.0, 1.0.14, 1.2.3
>
>
> Depending on the LDAP server configuration, it fails to connect as the server
> doesn't allow the connection validation query.
> It fails on
> {quote}
> Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
>     at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
>     at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56)
>     at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.connect(LdapIdentityProvider.java:532)
>     ... 92 common frames omitted
> {quote}
> Based on the customer's analysis of the Oak code, this is the reason it fails:
> {quote}
> I think I have found a solution for the problem. While the system is
> initializing the connection it tries to validate the connection. This is the
> reason for the strange search request:
> SearchRequest
> baseDn : ''
> filter : '(objectClass=*)'
> scope : base object
> Because this kind of request is not allowed in the client's LDAP system, the
> connection is being rejected (as invalid). Whether the connection should be
> validated is configurable. The class
> org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider
> contains this code:
> if (config.getAdminPoolConfig().getMaxActive() != 0) {
>     adminPool = new LdapConnectionPool(adminConnectionFactory);
>     adminPool.setTestOnBorrow(true);
>     adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
>     adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
> }
> A solution for our problem would most probably be to change the
> connectionPool configuration: adminPool.setTestOnBorrow(false);
> Sadly, this parameter does not come from the identity provider configuration.
> Is there a way to change this parameter without creating our own
> implementation of the identity provider?
> {quote}
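The failure quoted in the issue can be reproduced without an LDAP server. The following is an added example, not code from Oak or from the reporter. It assumes commons-pool 1.6 (generic API) on the classpath, and `StubConnection`, `StubFactory`, `newPool` and the `testOnBorrow` argument are hypothetical names standing in for the real connection, factory and provider configuration.

```java
import java.util.NoSuchElementException;
import org.apache.commons.pool.BasePoolableObjectFactory;
import org.apache.commons.pool.impl.GenericObjectPool;

public class TestOnBorrowDemo {

    /** Hypothetical stand-in for an LDAP connection (not an Oak or Directory API class). */
    static final class StubConnection {
        final boolean rootDseSearchAllowed;
        StubConnection(boolean allowed) { this.rootDseSearchAllowed = allowed; }
    }

    /** Validation models the baseDn '' / (objectClass=*) / base-scope search from the issue. */
    static final class StubFactory extends BasePoolableObjectFactory<StubConnection> {
        private final boolean serverAllowsRootDseSearch;
        StubFactory(boolean allowed) { this.serverAllowsRootDseSearch = allowed; }

        @Override public StubConnection makeObject() {
            return new StubConnection(serverAllowsRootDseSearch);
        }
        @Override public boolean validateObject(StubConnection c) {
            return c.rootDseSearchAllowed; // false: the server rejected the validation search
        }
    }

    /** Same pool setup as the quoted snippet, with testOnBorrow passed in instead of hard-coded. */
    static GenericObjectPool<StubConnection> newPool(StubFactory f, int maxActive, boolean testOnBorrow) {
        GenericObjectPool<StubConnection> pool = new GenericObjectPool<StubConnection>(f);
        pool.setTestOnBorrow(testOnBorrow); // hypothetical configuration value
        pool.setMaxActive(maxActive);
        pool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
        return pool;
    }

    /** Returns "ok", or the message of the exception thrown by borrowObject(). */
    static String tryBorrow(GenericObjectPool<StubConnection> pool) throws Exception {
        try {
            StubConnection c = pool.borrowObject();
            pool.returnObject(c);
            return "ok";
        } catch (NoSuchElementException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        StubFactory restrictive = new StubFactory(false); // server forbids the validation search
        System.out.println("testOnBorrow=true : " + tryBorrow(newPool(restrictive, 8, true)));
        System.out.println("testOnBorrow=false: " + tryBorrow(newPool(restrictive, 8, false)));
    }
}
```

With validation switched off the pool no longer detects a connection that the server has already dropped, so callers have to handle a failure on first use of a borrowed connection.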