Hi Thomas, I have searched deeper and finally found why I have this timeout. The explanation was found when sniffing the network between the Xwiki LDAP client and the penrose server. What happens in terms of messages exchanged with the LDAP server when it works (for exemple an openLDAP) is : 1 - bind request and response 2 - extended request and response 3 - search request and response
The problem of penrose is that the extended request is not recognized/implemented by the server. So when receiving this request the server protects himself by closing directly the connection. This makes that the search request that follows ends in timeout. The error is not quite explicit there... So I searched why there is an extended request and what is it for. I discovered that the LDAP Client library sends this request to the server when a call is done on LDAPConnection.isConnectionAlive(). It is a sort of a ping where the server normally responds that the extended request is not known. My questions at this point are : is this behaviour knowned and whished by the xwiki ldap connection developpers ? As it is slightly underperformant, would it be usefull to make this test not mandatory through a configuration key for example ? In order to improve all of this, what I suggest is to : 1 - use a newer version of the ldap client in Xwiki with a clearly determined version. The new one is on the novell web site at http://developer.novell.com/wiki/index.php/Jldap. This would make the error a little clearer (an IOException is raised when the last jldap client library is compiled and used). 2 - optimize the LDAP connection by not doing unnecessary extended request. I plan to do it to solve my problem and I can send it through a JIRA for you to integrate it in Xwiki. For the other points, I put my comments in the content of the mail. Nicolas Thomas Mortagne a écrit : > Hi Nicolas, > > On Mon, Dec 1, 2008 at 1:29 PM, Cazottes Nicolas <[EMAIL PROTECTED]> wrote: > >> Hello, >> >> I am trying to use Penrose LDAP virtual server >> (http://docs.safehaus.org/display/PENROSE/Home) as an LDAP source to >> manage authentification of my xwiki instance. >> The connection to the server works fine but when xwiki tries to search >> for my user, it stops with the following exception : >> 2008-12-01 10:06:38,921 >> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >> DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: >> user:nca base: query:(uid=nca) uid:uid >> 2008-12-01 10:06:39,921 >> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >> DEBUG ldap.XWikiLDAPConnection - LDAP Search failed >> LDAPException: Client request timed out (85) LDAP Timeout >> at com.novell.ldap.Message$Timeout.run(Unknown Source) >> 2008-12-01 10:06:39,921 >> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. >> >> After searching in the xwiki source code, I found there is a timeout of >> 1s for a search query to execute (in XWikiLDAPConnection line 292). It >> may explains the error I imagine. >> Is it possible to make this timeout defined via a configuration key in >> xwiki.cfg ? >> > > I just created http://jira.xwiki.org/jira/browse/XWIKI-2912 > > >> Another point related to xwiki LDAP logs : I don't like very much to >> have the password sent to xwiki writen clearly in the log file when LDAP >> debug is activated. Is it possible to have stars instead of the real >> value of the password ? >> > > and http://jira.xwiki.org/jira/browse/XWIKI-2913 > > >> If someone can do these modifications to the code, I will be pleased to >> test them. >> I would like to test it by myself but, currently, I did not manage to >> build xwiki with maven after checking out the source. >> > > I you already checkouted the sources you just need to execute "mvn > install" (after installing maven of course) in xwiki-core folder > (where is located the LDAP code) and replace the > xwiki-core-<version>.jar in your web app by the generated one. You can > look at http://dev.xwiki.org/xwiki/bin/view/Community/Building for > more details (I guess you already looked here but never knows ;)). > > For the build, actually it works fine for all the maven projects excepted gwt and wysiwyg. When I launch : mvn install -Dmaven.test.skip=true -Pwindows, I have the following error : [INFO] ------------------------------------------------------------------------ [INFO] Building XWiki Platform - Web - WYSIWYG [INFO] task-segment: [install] [INFO] ------------------------------------------------------------------------ [INFO] [remote-resources:process {execution: xwiki-license-resources}] [INFO] [resources:resources] [INFO] Using default encoding to copy filtered resources. [INFO] [compiler:compile] [INFO] Nothing to compile - all classes are up to date [INFO] [dependency:unpack {execution: unzip-gwt-libs}] [INFO] Configured Artifact: com.google.gwt:gwt-dev:windows-libs:1.5.2:zip [INFO] gwt-dev-1.5.2-windows-libs.zip already unpacked. [INFO] [gwt:compile {execution: generate-javascript}] [INFO] establishing classpath list (buildClaspathList - scope = COMPILE) [INFO] google.webtoolkit.home (gwtHome) *not* set, using project POM for GWT dependencies La ligne entrée est trop longue. [INFO] ------------------------------------------------------------------------ [ERROR] BUILD ERROR [INFO] ------------------------------------------------------------------------ [INFO] Exception attempting to run script - compile.cmd Embedded error: compile.cmd script exited abnormally with code - 255 [INFO] ------------------------------------------------------------------------ [INFO] Trace org.apache.maven.lifecycle.LifecycleExecutionException: Exception attempting to run script - compile.cmd at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:583) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalWithLifecycle(DefaultLifecycleExecutor.java:499) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:478) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:330) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:291) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:142) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:336) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:129) at org.apache.maven.cli.MavenCli.main(MavenCli.java:287) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315) at org.codehaus.classworlds.Launcher.launch(Launcher.java:255) at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430) at org.codehaus.classworlds.Launcher.main(Launcher.java:375) Caused by: org.apache.maven.plugin.MojoExecutionException: Exception attempting to run script - compile.cmd at com.totsp.mavenplugin.gwt.scripting.ScriptUtil.runScript(ScriptUtil.java:32) at com.totsp.mavenplugin.gwt.CompileMojo.execute(CompileMojo.java:62) at org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:451) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:558) ... 16 more Caused by: org.apache.maven.plugin.MojoExecutionException: compile.cmd script exited abnormally with code - 255 at com.totsp.mavenplugin.gwt.scripting.ScriptUtil.runScript(ScriptUtil.java:28) ... 19 more > You can comment or even add a patch in theses two issues if you have > some time ;) > > Ok, I will try to submit patches of quality. >> Thank you for your help. >> >> Nicolas CAZOTTES >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> >> > > > > -- Nicolas CAZOTTES Chef de Projets SQLI Paris 01 55 93 25 51 _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
