See http://jira.xwiki.org/jira/browse/XWIKI-3023
Should be fixed since 1.7.1 at least for the timeout on first connect/bind. On Wed, Dec 3, 2008 at 2:57 PM, Thomas Mortagne <[email protected]> wrote: > On Wed, Dec 3, 2008 at 10:45 AM, Cazottes Nicolas <[email protected]> wrote: >> Hi Thomas, >> >> I have searched deeper and finally found why I have this timeout. >> The explanation was found when sniffing the network between the Xwiki >> LDAP client and the penrose server. >> What happens in terms of messages exchanged with the LDAP server when it >> works (for exemple an openLDAP) is : >> 1 - bind request and response >> 2 - extended request and response >> 3 - search request and response >> >> The problem of penrose is that the extended request is not >> recognized/implemented by the server. So when receiving this request the >> server protects himself by closing directly the connection. This makes >> that the search request that follows ends in timeout. The error is not >> quite explicit there... >> >> So I searched why there is an extended request and what is it for. I >> discovered that the LDAP Client library sends this request to the server >> when a call is done on LDAPConnection.isConnectionAlive(). It is a sort >> of a ping where the server normally responds that the extended request >> is not known. >> My questions at this point are : is this behaviour knowned and whished >> by the xwiki ldap connection developpers ? As it is slightly >> underperformant, would it be usefull to make this test not mandatory >> through a configuration key for example ? > > I just looked at XWikiLDAPConnection.open and yes I think the line > > succeed = this.connection.isConnected() && > this.connection.isConnectionAlive() && this.connection.isBound(); > > is not really useful as if there is a problem connect() or bind() > should throw exception so I think we can just have > > succeed = true; > > or something like that. > >> >> >> In order to improve all of this, what I suggest is to : >> 1 - use a newer version of the ldap client in Xwiki with a clearly >> determined version. The new one is on the novell web site at >> http://developer.novell.com/wiki/index.php/Jldap. This would make the >> error a little clearer (an IOException is raised when the last jldap >> client library is compiled and used). >> 2 - optimize the LDAP connection by not doing unnecessary extended request. >> I plan to do it to solve my problem and I can send it through a JIRA for >> you to integrate it in Xwiki. >> >> For the other points, I put my comments in the content of the mail. >> >> >> Nicolas >> >> >> Thomas Mortagne a écrit : >>> Hi Nicolas, >>> >>> On Mon, Dec 1, 2008 at 1:29 PM, Cazottes Nicolas <[email protected]> wrote: >>> >>>> Hello, >>>> >>>> I am trying to use Penrose LDAP virtual server >>>> (http://docs.safehaus.org/display/PENROSE/Home) as an LDAP source to >>>> manage authentification of my xwiki instance. >>>> The connection to the server works fine but when xwiki tries to search >>>> for my user, it stops with the following exception : >>>> 2008-12-01 10:06:38,921 >>>> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >>>> DEBUG ldap.XWikiLDAPUtils - Searching for the user in LDAP: >>>> user:nca base: query:(uid=nca) uid:uid >>>> 2008-12-01 10:06:39,921 >>>> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >>>> DEBUG ldap.XWikiLDAPConnection - LDAP Search failed >>>> LDAPException: Client request timed out (85) LDAP Timeout >>>> at com.novell.ldap.Message$Timeout.run(Unknown Source) >>>> 2008-12-01 10:06:39,921 >>>> [http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] [P1-19] >>>> DEBUG LDAP.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed. >>>> >>>> After searching in the xwiki source code, I found there is a timeout of >>>> 1s for a search query to execute (in XWikiLDAPConnection line 292). It >>>> may explains the error I imagine. >>>> Is it possible to make this timeout defined via a configuration key in >>>> xwiki.cfg ? >>>> >>> >>> I just created http://jira.xwiki.org/jira/browse/XWIKI-2912 >>> >>> >>>> Another point related to xwiki LDAP logs : I don't like very much to >>>> have the password sent to xwiki writen clearly in the log file when LDAP >>>> debug is activated. Is it possible to have stars instead of the real >>>> value of the password ? >>>> >>> >>> and http://jira.xwiki.org/jira/browse/XWIKI-2913 >>> >>> >>>> If someone can do these modifications to the code, I will be pleased to >>>> test them. >>>> I would like to test it by myself but, currently, I did not manage to >>>> build xwiki with maven after checking out the source. >>>> >>> >>> I you already checkouted the sources you just need to execute "mvn >>> install" (after installing maven of course) in xwiki-core folder >>> (where is located the LDAP code) and replace the >>> xwiki-core-<version>.jar in your web app by the generated one. You can >>> look at http://dev.xwiki.org/xwiki/bin/view/Community/Building for >>> more details (I guess you already looked here but never knows ;)). >>> >>> >> For the build, actually it works fine for all the maven projects >> excepted gwt and wysiwyg. >> When I launch : mvn install -Dmaven.test.skip=true -Pwindows, I have the >> following error : >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] Building XWiki Platform - Web - WYSIWYG >> [INFO] task-segment: [install] >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] [remote-resources:process {execution: xwiki-license-resources}] >> [INFO] [resources:resources] >> [INFO] Using default encoding to copy filtered resources. >> [INFO] [compiler:compile] >> [INFO] Nothing to compile - all classes are up to date >> [INFO] [dependency:unpack {execution: unzip-gwt-libs}] >> [INFO] Configured Artifact: com.google.gwt:gwt-dev:windows-libs:1.5.2:zip >> [INFO] gwt-dev-1.5.2-windows-libs.zip already unpacked. >> [INFO] [gwt:compile {execution: generate-javascript}] >> [INFO] establishing classpath list (buildClaspathList - scope = COMPILE) >> [INFO] google.webtoolkit.home (gwtHome) *not* set, using project POM for >> GWT dependencies >> La ligne entrée est trop longue. >> [INFO] >> ------------------------------------------------------------------------ >> [ERROR] BUILD ERROR >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] Exception attempting to run script - compile.cmd >> >> Embedded error: compile.cmd script exited abnormally with code - 255 >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] Trace >> org.apache.maven.lifecycle.LifecycleExecutionException: Exception >> attempting to run script - compile.cmd >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:583) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalWithLifecycle(DefaultLifecycleExecutor.java:499) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:478) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:330) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:291) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:142) >> at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:336) >> at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:129) >> at org.apache.maven.cli.MavenCli.main(MavenCli.java:287) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315) >> at org.codehaus.classworlds.Launcher.launch(Launcher.java:255) >> at >> org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430) >> at org.codehaus.classworlds.Launcher.main(Launcher.java:375) >> Caused by: org.apache.maven.plugin.MojoExecutionException: Exception >> attempting to run script - compile.cmd >> at >> com.totsp.mavenplugin.gwt.scripting.ScriptUtil.runScript(ScriptUtil.java:32) >> at >> com.totsp.mavenplugin.gwt.CompileMojo.execute(CompileMojo.java:62) >> at >> org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:451) >> at >> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:558) >> ... 16 more >> Caused by: org.apache.maven.plugin.MojoExecutionException: compile.cmd >> script exited abnormally with code - 255 >> at >> com.totsp.mavenplugin.gwt.scripting.ScriptUtil.runScript(ScriptUtil.java:28) >> ... 19 more > > The real error seems to be "La ligne entrée est trop longue." but I > don't know where GWT can have a line length problem. Are you building > from a very deep path ? > >> >>> You can comment or even add a patch in theses two issues if you have >>> some time ;) >>> >>> >> Ok, I will try to submit patches of quality. >> >>>> Thank you for your help. >>>> >>>> Nicolas CAZOTTES >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.xwiki.org/mailman/listinfo/users >>>> >>>> >>> >>> >>> >>> >> >> -- >> >> Nicolas CAZOTTES >> Chef de Projets >> SQLI Paris >> 01 55 93 25 51 >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> > > > > -- > Thomas Mortagne > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
