Artifactory OSS: LDAP authentication timeout errors -
i installing artifactory oss @ company. worked during our tests, in production receive ldap authentication errors. details below:
- os: centos 7
- docker 1.10.1
- artifactory version: oss 4.12.0.1 in docker container
problem:
several times per day artifactory oss stops authenticating users ldap. @ same time, other services in neighbor containers continue operating same ldap server. user authentication rare, release rolling.
we found 1 workaround: - restarting artifactory container.
the error appears in logs during problem is:
2016-09-22 09:34:55,698 [http-nio-8081-exec-6] [error] (o.a.s.l.abstractldapservice:70) - error connecting ldap server: org.springframework.ldap.uncategorizedldapexception: uncategorized exception occured during ldap processing; nested exception javax.naming.namingexception: ldap response read timed out, timeout used:60000ms.; remaining name '/' @ org.springframework.ldap.support.ldaputils.convertldapexception(ldaputils.java:217) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release] @ org.springframework.ldap.core.ldaptemplate.executewithcontext(ldaptemplate.java:809) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release] @ org.springframework.ldap.core.ldaptemplate.executereadonly(ldaptemplate.java:792) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release] @ org.artifactory.security.ldap.newspringsecurityldaptemplate.searchforsingleentry(newspringsecurityldaptemplate.java:251) ~[artifactory-core-4.12.0.1.jar:na] @ org.artifactory.security.ldap.newfilterbasedldapusersearch.searchforuser(newfilterbasedldapusersearch.java:89) ~[artifactory-core-4.12.0.1.jar:na] @ org.artifactory.security.ldap.artifactorybindauthenticator.authenticate(artifactorybindauthenticator.java:141) ~[artifactory-core-4.12.0.1.jar:na] @ org.artifactory.security.ldap.ldapserviceimpl.testldapconnection(ldapserviceimpl.java:75) ~[artifactory-core-4.12.0.1.jar:na] @ org.artifactory.security.securityserviceimpl.testldapconnection(securityserviceimpl.java:2275) [artifactory-core-4.12.0.1.jar:na] @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.8.0_91] @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62) ~[na:1.8.0_91] @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.8.0_91] @ java.lang.reflect.method.invoke(method.java:498) ~[na:1.8.0_91] @ org.springframework.aop.support.aoputils.invokejoinpointusingreflection(aoputils.java:317) [spring-aop-4.1.5.release.jar:4.1.5.release] @ org.springframework.aop.framework.jdkdynamicaopproxy.invoke(jdkdynamicaopproxy.java:201) [spring-aop-4.1.5.release.jar:4.1.5.release] @ com.sun.proxy.$proxy28.testldapconnection(unknown source) [na:na] @ org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.testldapsettingsservice.testldapconnection(testldapsettingsservice.java:76) [artifactory-rest-ui-4.12.0.1.jar:na] @ org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.testldapsettingsservice.execute(testldapsettingsservice.java:63) [artifactory-rest-ui-4.12.0.1.jar:na] @ org.artifactory.rest.common.service.serviceexecutor.process(serviceexecutor.java:38) [artifactory-rest-common-4.12.0.1.jar:na] @ org.artifactory.rest.common.resource.baseresource.runservice(baseresource.java:92) [artifactory-rest-common-4.12.0.1.jar:na] @ org.artifactory.ui.rest.resource.admin.security.ldap.ldapsettingresource.testldapsetting(ldapsettingresource.java:96) [artifactory-rest-ui-4.12.0.1.jar:na] @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.8.0_91] @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62) ~[na:1.8.0_91] @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.8.0_91] @ java.lang.reflect.method.invoke(method.java:498) ~[na:1.8.0_91] @ com.sun.jersey.spi.container.javamethodinvokerfactory$1.invoke(javamethodinvokerfactory.java:60) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.model.method.dispatch.abstractresourcemethoddispatchprovider$responseoutinvoker._dispatch(abstractresourcemethoddispatchprovider.java:205) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.model.method.dispatch.resourcejavamethoddispatcher.dispatch(resourcejavamethoddispatcher.java:75) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.uri.rules.httpmethodrule.accept(httpmethodrule.java:302) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.uri.rules.righthandpathrule.accept(righthandpathrule.java:147) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.uri.rules.resourceclassrule.accept(resourceclassrule.java:108) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.uri.rules.righthandpathrule.accept(righthandpathrule.java:147) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.uri.rules.rootresourceclassesrule.accept(rootresourceclassesrule.java:84) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.application.webapplicationimpl._handlerequest(webapplicationimpl.java:1542) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.application.webapplicationimpl._handlerequest(webapplicationimpl.java:1473) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.application.webapplicationimpl.handlerequest(webapplicationimpl.java:1419) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.server.impl.application.webapplicationimpl.handlerequest(webapplicationimpl.java:1409) [jersey-server-1.19.jar:1.19] @ com.sun.jersey.spi.container.servlet.webcomponent.service(webcomponent.java:409) [jersey-servlet-1.19.jar:1.19] @ com.sun.jersey.spi.container.servlet.servletcontainer.service(servletcontainer.java:558) [jersey-servlet-1.19.jar:1.19] @ com.sun.jersey.spi.container.servlet.servletcontainer.service(servletcontainer.java:733) [jersey-servlet-1.19.jar:1.19] @ javax.servlet.http.httpservlet.service(httpservlet.java:729) [servlet-api.jar:na] @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:292) [catalina.jar:8.0.32] @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32] @ org.artifactory.webapp.servlet.repofilter.execute(repofilter.java:200) [artifactory-web-application-4.12.0.1.jar:na] @ org.artifactory.webapp.servlet.repofilter.dofilter(repofilter.java:91) [artifactory-web-application-4.12.0.1.jar:na] @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32] @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32] @ org.artifactory.webapp.servlet.accessfilter.useauthentication(accessfilter.java:391) [artifactory-web-application-4.12.0.1.jar:na] @ org.artifactory.webapp.servlet.accessfilter.dofilterinternal(accessfilter.java:206) [artifactory-web-application-4.12.0.1.jar:na] @ org.artifactory.webapp.servlet.accessfilter.dofilter(accessfilter.java:160) [artifactory-web-application-4.12.0.1.jar:na] @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32] @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32] @ org.artifactory.webapp.servlet.requestfilter.dofilter(requestfilter.java:61) [artifactory-web-application-4.12.0.1.jar:na] @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32] @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32] @ org.artifactory.webapp.servlet.artifactoryfilter.dofilter(artifactoryfilter.java:111) [artifactory-web-application-4.12.0.1.jar:na] @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32] @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32] @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:212) [catalina.jar:8.0.32] @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:106) [catalina.jar:8.0.32] @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:141) [catalina.jar:8.0.32] @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:79) [catalina.jar:8.0.32] @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:88) [catalina.jar:8.0.32] @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:522) [catalina.jar:8.0.32] @ org.apache.coyote.http11.abstracthttp11processor.process(abstracthttp11processor.java:1095) [tomcat-coyote.jar:8.0.32] @ org.apache.coyote.abstractprotocol$abstractconnectionhandler.process(abstractprotocol.java:672) [tomcat-coyote.jar:8.0.32] @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.dorun(nioendpoint.java:1500) [tomcat-coyote.jar:8.0.32] @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.run(nioendpoint.java:1456) [tomcat-coyote.jar:8.0.32] @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1142) [na:1.8.0_91] @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:617) [na:1.8.0_91] @ org.apache.tomcat.util.threads.taskthread$wrappingrunnable.run(taskthread.java:61) [tomcat-util.jar:8.0.32] @ java.lang.thread.run(thread.java:745) [na:1.8.0_91] caused by: javax.naming.namingexception: ldap response read timed out, timeout used:60000ms. @ com.sun.jndi.ldap.connection.readreply(connection.java:490) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapclient.getsearchreply(ldapclient.java:638) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapclient.search(ldapclient.java:561) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapctx.dosearch(ldapctx.java:1985) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapctx.searchaux(ldapctx.java:1844) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapctx.c_search(ldapctx.java:1769) ~[na:1.8.0_91] @ com.sun.jndi.ldap.ldapctx.c_search(ldapctx.java:1786) ~[na:1.8.0_91] @ com.sun.jndi.toolkit.ctx.componentdircontext.p_search(componentdircontext.java:418) ~[na:1.8.0_91] @ com.sun.jndi.toolkit.ctx.partialcompositedircontext.search(partialcompositedircontext.java:396) ~[na:1.8.0_91] @ javax.naming.directory.initialdircontext.search(initialdircontext.java:297) ~[na:1.8.0_91] @ org.artifactory.security.ldap.newspringsecurityldaptemplate.searchforsingleentryinternal(newspringsecurityldaptemplate.java:59) ~[artifactory-core-4.12.0.1.jar:na] @ org.artifactory.security.ldap.newspringsecurityldaptemplate$3.executewithcontext(newspringsecurityldaptemplate.java:253) ~[artifactory-core-4.12.0.1.jar:na] @ org.springframework.ldap.core.ldaptemplate.executewithcontext(ldaptemplate.java:806) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release] ... 69 common frames omitted 2016-09-22 09:34:55,700 [http-nio-8081-exec-6] [error] (o.a.s.l.abstractldapservice:71) - error connecting ldap server:
first, important mention in order improve search performance, artifactory ldap 'search base' field should narrow possible , point specific area includes of requirements (users, groups...), still not force artifactory search on entire tree (which can pretty heavy). regards timeout, can increase default timeout value modifying 'artifactory.security.ldap.socket.timeoutmillis' flag in $artifactory_home/etc/artifactory.system.properties file. might find pool timeout useful (artifactory.security.ldap.pool.timeoutmillis) timeout idle connections , clean stale connections.
Comments
Post a Comment