Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Re: Alfresco Share & Ldap Auth (Many attempts to l...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Alfresco Share & Ldap Auth (Many attempts to login)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2014 11:15 AM
I've been using Alfresco 4.2e CE and works fine, I made LDAP Authentication only integration (not synchronization, I create users manually), It works really fine, but I have a trouble, when Alfresco doesn't have activity for many time and users try to login with LDAP credentials by Alfresco Share, Alfresco says that not available o user credentials wrong, but, users have to make many attempts to login successfully (like 6 attempts) and then, other ldap users login at first attempt normally. I don't know what happen. LDAP works fine with other apps, I don't know if Alfresco use the same connection to ldap o make another new one.
Anyone has been the same problem?
is there any LDAP param to fix?
is there any LDAP param to control connections to ldap?
I'm working with Lotus Domino LDAP
Alfresco Logs show nothing about this, no exception, no problem.
My authentication chain in alfresco-global.properties:
I use ntlm too because I have external users from LDAP.
My ldap-authentication.properties:
I increased ldap.authentication.java.naming.read.timeout to 5000 because I though I had problems with timeout to ldap, but problem persist.
Please Help! I don't know what other thing to do!
Best regards!
Anyone has been the same problem?
is there any LDAP param to fix?
is there any LDAP param to control connections to ldap?
I'm working with Lotus Domino LDAP
Alfresco Logs show nothing about this, no exception, no problem.
My authentication chain in alfresco-global.properties:
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlmI use ntlm too because I have external users from LDAP.
My ldap-authentication.properties:
ldap.authentication.active=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.lotusdomain.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=wpsbind
ldap.synchronization.java.naming.security.credentials=wpsbind13
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=O=LotusD
ldap.synchronization.userSearchBase=O=LotusD
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
# Requests timeout, in miliseconds, use 0 for none (default)
ldap.authentication.java.naming.read.timeout=5000
I increased ldap.authentication.java.naming.read.timeout to 5000 because I though I had problems with timeout to ldap, but problem persist.
Please Help! I don't know what other thing to do!
Best regards!
Labels:
- Labels:
-
Archive
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2014 02:20 PM
The ldap.synchronization.java.naming.security.principal should be the dn of an account that can bind and read user and group information. Yours is set to wpsbind. Is that what you intend? I use Apache DS but mine looks like uid=admin,ou=system.
Also, your search base settings for users and groups looks a little suspicious. Do you really have all of your users and groups under O=LotusD?
Finally, you don't have a username format set so Alfresco will use the person query and userID attribute name to find the user in LDAP to authenticate with. You should be able to use a command line tool or something like the Apache Directory Studio Eclipse Plug-In to verify that you can bind with your directory using that uid and person query. If you can't do it with a third party tool, Alfresco won't be able to do it.
Jeff
Also, your search base settings for users and groups looks a little suspicious. Do you really have all of your users and groups under O=LotusD?
Finally, you don't have a username format set so Alfresco will use the person query and userID attribute name to find the user in LDAP to authenticate with. You should be able to use a command line tool or something like the Apache Directory Studio Eclipse Plug-In to verify that you can bind with your directory using that uid and person query. If you can't do it with a third party tool, Alfresco won't be able to do it.
Jeff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2014 09:42 AM
I think it would be a good idea to upgrade your JDK to try to remove that from the equation.
Regarding optimizing your LDAP search, here is an idea. Is this a test server? If so, find a more specific user search for Alejandro Ballesteros. For example, instead of O=LotusD maybe it is ou=Technology,ou=Southwest,o=LotusD. The idea is to narrow it as far as possible. Then change your LDAP config to point to the more specific user search base. Then re-test. If you get fewer or no timeouts, you can conclude that your broad search base is the problem. If it doesn't make a difference you can focus your attention elsewhere.
Another idea is to try to remove Alfresco from the picture. For example, if you use a command line tool to bind (or a script) can you repeatedly bind without getting timeouts? If you still get timeouts you know it isn't Alfresco and is instead something with your LDAP server or your network. If you no longer get timeouts then you can focus on Alfresco config/code.
Jeff
Regarding optimizing your LDAP search, here is an idea. Is this a test server? If so, find a more specific user search for Alejandro Ballesteros. For example, instead of O=LotusD maybe it is ou=Technology,ou=Southwest,o=LotusD. The idea is to narrow it as far as possible. Then change your LDAP config to point to the more specific user search base. Then re-test. If you get fewer or no timeouts, you can conclude that your broad search base is the problem. If it doesn't make a difference you can focus your attention elsewhere.
Another idea is to try to remove Alfresco from the picture. For example, if you use a command line tool to bind (or a script) can you repeatedly bind without getting timeouts? If you still get timeouts you know it isn't Alfresco and is instead something with your LDAP server or your network. If you no longer get timeouts then you can focus on Alfresco config/code.
Jeff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2014 11:55 AM
Thanks for your answer Jeff:
As I said, I'm using Lotus Domino LDAP, honestly for me,this is a complex LDAP server because it's used by Lotus Apps and create their own object structured, very complex in my opinion, for example, create users in many differents DN locations, so I have to set "search base" on the top (O=LotusD), this ldap has almost 15,000 users with some differents username formats and locations, so I have to search through all ldap objects.
wpsbind is the account to bind users and groups, I used ldapsearch command to test searching users and works fine.
Finally I could debug the exception about this problem:
2014-05-14 09:19:27,656 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,701 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Authenticating user "alejandro.ballesteros"
2014-05-14 09:22:41,718 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,718 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] User "alejandro.ballesteros" authenticated successfully
2014-05-14 09:22:41,749 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,811 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,828 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,835 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,273 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,310 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,310 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,339 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,376 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,401 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,421 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,440 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,600 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,609 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,616 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:44,236 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:45,499 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Authenticating user "alejandro.ballesteros"
2014-05-14 09:50:45,501 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Failed to authenticate user "alejandro.ballesteros"
org.alfresco.repo.security.authentication.AuthenticationException: 04140199 Unable to search LDAP. Reason LDAP response read timed out, timeout used:300000ms.
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:1006)
at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:121)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:162)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:68)
at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:195)
at sun.reflect.GeneratedMethodAccessor743.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.audit.AuditMethodInterceptor.proceedWithAudit(AuditMethodInterceptor.java:247)
at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:213)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy63.authenticate(Unknown Source)
at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:66)
at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:72)
at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)
at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:422)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:491)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:529)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:268)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:378)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:300000ms.; remaining name 'O=LotusD'
at com.sun.jndi.ldap.Connection.readReply(Connection.java:481)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:958)
… 54 more
2014-05-14 09:50:49,688 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Authenticating user "alejandro.ballesteros"
2014-05-14 09:50:49,719 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,719 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] User "alejandro.ballesteros" authenticated successfully
2014-05-14 09:50:49,758 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,818 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,835 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,842 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,074 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,074 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,107 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,122 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,158 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,189 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,204 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,242 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,245 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,453 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,582 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,592 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,605 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:51:04,183 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
As you can see, works normally, spend many time and suddenly authentication failed many times and then, works perfectly and normal.
I googled it (javax.naming.NamingException: LDAP response read timed out, timeout used:300000ms.; remaining name ) and some sites say that is a java bug, but I really don't think so.
I have a couple of deductions:
1.- Maybe it's a bug, so I have to upgrade jre to the last versión or find fixes (1.7.0_51)
2.- Maybe I need other params to optimize ldap searches (I don't know what others)
3.- Maybe the ldap server rejects a lot of searches or connections (I'm not sure really)
What do you think?
With this kind of ldap server, is there another way to optimize searches?
Best regards!
As I said, I'm using Lotus Domino LDAP, honestly for me,this is a complex LDAP server because it's used by Lotus Apps and create their own object structured, very complex in my opinion, for example, create users in many differents DN locations, so I have to set "search base" on the top (O=LotusD), this ldap has almost 15,000 users with some differents username formats and locations, so I have to search through all ldap objects.
wpsbind is the account to bind users and groups, I used ldapsearch command to test searching users and works fine.
Finally I could debug the exception about this problem:
2014-05-14 09:19:27,656 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,701 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Authenticating user "alejandro.ballesteros"
2014-05-14 09:22:41,718 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,718 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] User "alejandro.ballesteros" authenticated successfully
2014-05-14 09:22:41,749 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,811 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,828 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:41,835 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,273 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,310 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,310 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,339 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,376 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,401 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,421 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,440 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,600 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,609 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:42,616 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:22:44,236 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:45,499 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Authenticating user "alejandro.ballesteros"
2014-05-14 09:50:45,501 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Failed to authenticate user "alejandro.ballesteros"
org.alfresco.repo.security.authentication.AuthenticationException: 04140199 Unable to search LDAP. Reason LDAP response read timed out, timeout used:300000ms.
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:1006)
at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:121)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:162)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:68)
at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:195)
at sun.reflect.GeneratedMethodAccessor743.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.audit.AuditMethodInterceptor.proceedWithAudit(AuditMethodInterceptor.java:247)
at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:213)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy63.authenticate(Unknown Source)
at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:66)
at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:72)
at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)
at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:422)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:491)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:529)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:268)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:378)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:300000ms.; remaining name 'O=LotusD'
at com.sun.jndi.ldap.Connection.readReply(Connection.java:481)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:958)
… 54 more
2014-05-14 09:50:49,688 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Authenticating user "alejandro.ballesteros"
2014-05-14 09:50:49,719 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,719 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] User "alejandro.ballesteros" authenticated successfully
2014-05-14 09:50:49,758 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,818 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,835 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:49,842 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,074 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,074 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,107 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,122 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,158 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-3] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,189 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-9] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,204 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-1] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,242 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-10] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,245 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-5] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,453 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-8] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,582 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-6] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,592 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-4] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:50:50,605 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-2] Setting the current user to "alejandro.ballesteros"
2014-05-14 09:51:04,183 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-8080-exec-7] Setting the current user to "alejandro.ballesteros"
As you can see, works normally, spend many time and suddenly authentication failed many times and then, works perfectly and normal.
I googled it (javax.naming.NamingException: LDAP response read timed out, timeout used:300000ms.; remaining name ) and some sites say that is a java bug, but I really don't think so.
I have a couple of deductions:
1.- Maybe it's a bug, so I have to upgrade jre to the last versión or find fixes (1.7.0_51)
2.- Maybe I need other params to optimize ldap searches (I don't know what others)
3.- Maybe the ldap server rejects a lot of searches or connections (I'm not sure really)
What do you think?
With this kind of ldap server, is there another way to optimize searches?
Best regards!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2014 03:35 PM
Thank u Jeff!
I upgrade java and the problem is gone!
Now my alfresco works fine!
I upgrade java and the problem is gone!
Now my alfresco works fine!
Related Content
- Alfresco 6.2 doesn't run as expted after Linux/Debian testing upgrade in Alfresco Forum
- Alfresco service stopped after restarting, even though I have increased memory allocation in Alfresco Forum
- Failed to open stream onto channel: \n accessor: ContentAccessor[ in Alfresco Forum
- How to enable Ticket base authentication ? in Alfresco Forum
- Login Screen of share is now shown as Community after update of Enterprise 23.1 to 23.2 in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
