Artifactory OSS: LDAP authentication timeout errors -


i installing artifactory oss @ company. worked during our tests, in production receive ldap authentication errors. details below:

  • os: centos 7
  • docker 1.10.1
  • artifactory version: oss 4.12.0.1 in docker container

problem:

several times per day artifactory oss stops authenticating users ldap. @ same time, other services in neighbor containers continue operating same ldap server. user authentication rare, release rolling.

we found 1 workaround: - restarting artifactory container.

the error appears in logs during problem is:

2016-09-22 09:34:55,698 [http-nio-8081-exec-6] [error] (o.a.s.l.abstractldapservice:70) - error connecting ldap server: org.springframework.ldap.uncategorizedldapexception: uncategorized exception occured during ldap processing; nested exception javax.naming.namingexception: ldap response read timed out, timeout used:60000ms.; remaining name '/'     @ org.springframework.ldap.support.ldaputils.convertldapexception(ldaputils.java:217) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release]     @ org.springframework.ldap.core.ldaptemplate.executewithcontext(ldaptemplate.java:809) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release]     @ org.springframework.ldap.core.ldaptemplate.executereadonly(ldaptemplate.java:792) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release]     @ org.artifactory.security.ldap.newspringsecurityldaptemplate.searchforsingleentry(newspringsecurityldaptemplate.java:251) ~[artifactory-core-4.12.0.1.jar:na]     @ org.artifactory.security.ldap.newfilterbasedldapusersearch.searchforuser(newfilterbasedldapusersearch.java:89) ~[artifactory-core-4.12.0.1.jar:na]     @ org.artifactory.security.ldap.artifactorybindauthenticator.authenticate(artifactorybindauthenticator.java:141) ~[artifactory-core-4.12.0.1.jar:na]     @ org.artifactory.security.ldap.ldapserviceimpl.testldapconnection(ldapserviceimpl.java:75) ~[artifactory-core-4.12.0.1.jar:na]     @ org.artifactory.security.securityserviceimpl.testldapconnection(securityserviceimpl.java:2275) [artifactory-core-4.12.0.1.jar:na]     @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.8.0_91]     @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62) ~[na:1.8.0_91]     @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.8.0_91]     @ java.lang.reflect.method.invoke(method.java:498) ~[na:1.8.0_91]     @ org.springframework.aop.support.aoputils.invokejoinpointusingreflection(aoputils.java:317) [spring-aop-4.1.5.release.jar:4.1.5.release]     @ org.springframework.aop.framework.jdkdynamicaopproxy.invoke(jdkdynamicaopproxy.java:201) [spring-aop-4.1.5.release.jar:4.1.5.release]     @ com.sun.proxy.$proxy28.testldapconnection(unknown source) [na:na]     @ org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.testldapsettingsservice.testldapconnection(testldapsettingsservice.java:76) [artifactory-rest-ui-4.12.0.1.jar:na]     @ org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.testldapsettingsservice.execute(testldapsettingsservice.java:63) [artifactory-rest-ui-4.12.0.1.jar:na]     @ org.artifactory.rest.common.service.serviceexecutor.process(serviceexecutor.java:38) [artifactory-rest-common-4.12.0.1.jar:na]     @ org.artifactory.rest.common.resource.baseresource.runservice(baseresource.java:92) [artifactory-rest-common-4.12.0.1.jar:na]     @ org.artifactory.ui.rest.resource.admin.security.ldap.ldapsettingresource.testldapsetting(ldapsettingresource.java:96) [artifactory-rest-ui-4.12.0.1.jar:na]     @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.8.0_91]     @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62) ~[na:1.8.0_91]     @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.8.0_91]     @ java.lang.reflect.method.invoke(method.java:498) ~[na:1.8.0_91]     @ com.sun.jersey.spi.container.javamethodinvokerfactory$1.invoke(javamethodinvokerfactory.java:60) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.model.method.dispatch.abstractresourcemethoddispatchprovider$responseoutinvoker._dispatch(abstractresourcemethoddispatchprovider.java:205) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.model.method.dispatch.resourcejavamethoddispatcher.dispatch(resourcejavamethoddispatcher.java:75) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.uri.rules.httpmethodrule.accept(httpmethodrule.java:302) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.uri.rules.righthandpathrule.accept(righthandpathrule.java:147) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.uri.rules.resourceclassrule.accept(resourceclassrule.java:108) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.uri.rules.righthandpathrule.accept(righthandpathrule.java:147) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.uri.rules.rootresourceclassesrule.accept(rootresourceclassesrule.java:84) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.application.webapplicationimpl._handlerequest(webapplicationimpl.java:1542) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.application.webapplicationimpl._handlerequest(webapplicationimpl.java:1473) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.application.webapplicationimpl.handlerequest(webapplicationimpl.java:1419) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.server.impl.application.webapplicationimpl.handlerequest(webapplicationimpl.java:1409) [jersey-server-1.19.jar:1.19]     @ com.sun.jersey.spi.container.servlet.webcomponent.service(webcomponent.java:409) [jersey-servlet-1.19.jar:1.19]     @ com.sun.jersey.spi.container.servlet.servletcontainer.service(servletcontainer.java:558) [jersey-servlet-1.19.jar:1.19]     @ com.sun.jersey.spi.container.servlet.servletcontainer.service(servletcontainer.java:733) [jersey-servlet-1.19.jar:1.19]     @ javax.servlet.http.httpservlet.service(httpservlet.java:729) [servlet-api.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:292) [catalina.jar:8.0.32]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32]     @ org.artifactory.webapp.servlet.repofilter.execute(repofilter.java:200) [artifactory-web-application-4.12.0.1.jar:na]     @ org.artifactory.webapp.servlet.repofilter.dofilter(repofilter.java:91) [artifactory-web-application-4.12.0.1.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32]     @ org.artifactory.webapp.servlet.accessfilter.useauthentication(accessfilter.java:391) [artifactory-web-application-4.12.0.1.jar:na]     @ org.artifactory.webapp.servlet.accessfilter.dofilterinternal(accessfilter.java:206) [artifactory-web-application-4.12.0.1.jar:na]     @ org.artifactory.webapp.servlet.accessfilter.dofilter(accessfilter.java:160) [artifactory-web-application-4.12.0.1.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32]     @ org.artifactory.webapp.servlet.requestfilter.dofilter(requestfilter.java:61) [artifactory-web-application-4.12.0.1.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32]     @ org.artifactory.webapp.servlet.artifactoryfilter.dofilter(artifactoryfilter.java:111) [artifactory-web-application-4.12.0.1.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) [catalina.jar:8.0.32]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) [catalina.jar:8.0.32]     @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:212) [catalina.jar:8.0.32]     @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:106) [catalina.jar:8.0.32]     @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:141) [catalina.jar:8.0.32]     @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:79) [catalina.jar:8.0.32]     @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:88) [catalina.jar:8.0.32]     @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:522) [catalina.jar:8.0.32]     @ org.apache.coyote.http11.abstracthttp11processor.process(abstracthttp11processor.java:1095) [tomcat-coyote.jar:8.0.32]     @ org.apache.coyote.abstractprotocol$abstractconnectionhandler.process(abstractprotocol.java:672) [tomcat-coyote.jar:8.0.32]     @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.dorun(nioendpoint.java:1500) [tomcat-coyote.jar:8.0.32]     @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.run(nioendpoint.java:1456) [tomcat-coyote.jar:8.0.32]     @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1142) [na:1.8.0_91]     @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:617) [na:1.8.0_91]     @ org.apache.tomcat.util.threads.taskthread$wrappingrunnable.run(taskthread.java:61) [tomcat-util.jar:8.0.32]     @ java.lang.thread.run(thread.java:745) [na:1.8.0_91] caused by: javax.naming.namingexception: ldap response read timed out, timeout used:60000ms.     @ com.sun.jndi.ldap.connection.readreply(connection.java:490) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapclient.getsearchreply(ldapclient.java:638) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapclient.search(ldapclient.java:561) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapctx.dosearch(ldapctx.java:1985) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapctx.searchaux(ldapctx.java:1844) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapctx.c_search(ldapctx.java:1769) ~[na:1.8.0_91]     @ com.sun.jndi.ldap.ldapctx.c_search(ldapctx.java:1786) ~[na:1.8.0_91]     @ com.sun.jndi.toolkit.ctx.componentdircontext.p_search(componentdircontext.java:418) ~[na:1.8.0_91]     @ com.sun.jndi.toolkit.ctx.partialcompositedircontext.search(partialcompositedircontext.java:396) ~[na:1.8.0_91]     @ javax.naming.directory.initialdircontext.search(initialdircontext.java:297) ~[na:1.8.0_91]     @ org.artifactory.security.ldap.newspringsecurityldaptemplate.searchforsingleentryinternal(newspringsecurityldaptemplate.java:59) ~[artifactory-core-4.12.0.1.jar:na]     @ org.artifactory.security.ldap.newspringsecurityldaptemplate$3.executewithcontext(newspringsecurityldaptemplate.java:253) ~[artifactory-core-4.12.0.1.jar:na]     @ org.springframework.ldap.core.ldaptemplate.executewithcontext(ldaptemplate.java:806) ~[spring-ldap-core-1.3.2.release.jar:1.3.2.release]     ... 69 common frames omitted 2016-09-22 09:34:55,700 [http-nio-8081-exec-6] [error] (o.a.s.l.abstractldapservice:71) - error connecting ldap server:

first, important mention in order improve search performance, artifactory ldap 'search base' field should narrow possible , point specific area includes of requirements (users, groups...), still not force artifactory search on entire tree (which can pretty heavy). regards timeout, can increase default timeout value modifying 'artifactory.security.ldap.socket.timeoutmillis' flag in $artifactory_home/etc/artifactory.system.properties file. might find pool timeout useful (artifactory.security.ldap.pool.timeoutmillis) timeout idle connections , clean stale connections.


-

Comments

Post a Comment

Popular posts from this blog

unity3d - Rotate an object to face an opposite direction -

i have object , b. when click on object b, rotates object b (a faces b). b doesn't face a. need following : when faces b, need face opposite direction. have code rotating @ b. how rotate face opposite direction after that? vector3 targetdirection = target - transform.position; float step = speed * time.deltatime; vector3 newdirection = vector3.rotatetowards (turretdome.transform.forward, targetdirection, step, 0.0f); turretdome.transform.rotation = quaternion.lookrotation (newdirection); you object facing object b, want inverse direction of object after that? objecta.transform.rotation = quaternion.inverse(objecta.transform.rotation) but lets assume example turretdome object a, (negate direction): turretdome.transform.rotation = quaternion.lookrotation (-newdirection); naturally, both of these snippets not show how smoothen rotation, seem know how use time.deltatime. just incase unsure, quaternion.lerp this
Read more

angular - Is it possible to get native element for formControl? -

i've got angular2 reactive form . created formcontrol s , assigned input fields by [formcontrol]=... . understand creates nativeelement <-> formcontrol link. my question: possible nativeelement formcontrol ? wanna myformcontrol.nativeelement.focus() i can share 1 terrible solution works me. in reactive forms can use either 1) formcontroldirective ts mycontrol = new formcontrol('') template <input type="text" [formcontrol]="mycontrol"> or 2) formcontrolname ts myform: formgroup; constructor(private fb: formbuilder) {} ngoninit() { this.myform = this.fb.group({ foo: '' }); } template <form [formgroup]="myform"> <input type="text" formcontrolname="foo"> </form> so these directives write patch like 1) formcontroldirective const originformcontrolngonchanges = formcontroldirective.prototype.ngonchanges; formcontroldirective.proto
Read more

javascript - Why jQuery Select box change event is now working? -

i working on product filters user select select box according his/her preference not getting selected value user in jquery. html code:- <select name="product_filter" id="product_filter"> <option value="price_low_first">price : low high</option> <option value="price_high_first">price : high low</option> <option value="latest">latest</option> <option value="popular">most popular</option> </select> jquery code: $(function () { $("#product_filter").change(function () { alert("hi") var selectedtext = $(this).find("option:selected").text(); var selectedvalue = $(this).val(); alert("selected text: " + selectedtext + " value: " + selectedvalue); }); }); hi believe code perfect. once please check jquery.min.js
Read more