Tobias Bocanegra created OAK-2897: ------------------------------------- Summary: CLONE - Make LDAP connection pool 'testOnBorrow' configurable Key: OAK-2897 URL: https://issues.apache.org/jira/browse/OAK-2897 Project: Jackrabbit Oak Issue Type: Improvement Components: auth-ldap Affects Versions: 1.2 Reporter: Tobias Bocanegra Assignee: Tobias Bocanegra Priority: Minor Fix For: 1.3.0, 1.0.14, 1.2.3
Depending of the LDAP server configuration, it fails to connect as the server doesn't allow the connection validation query. It fails on {quote} Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233) at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56) at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.connect(LdapIdentityProvider.java:532) ... 92 common frames omitted {quote} Based on customer analyze of Oak code this is the reason it fails: {quote} I think I have found a solution for the problem. While the system is initializing the connection it tries to validate the connection. This is the reason for the strange search request: SearchRequest baseDn : '' filter : '(objectClass=*)' scope : base object Because such kind of requests are not allowed in the client's ldap system the connection is being rejected (as invalid). It is configurable if the connection should be validated. The class org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider contains this code if (config.getAdminPoolConfig().getMaxActive() != 0) { adminPool = new LdapConnectionPool(adminConnectionFactory); adminPool.setTestOnBorrow(true); adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive()); adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK); } A solution for our Problem would most probably be to change the connectionPool configuration adminPool.setTestOnBorrow(false); This Parameter comes sadly not from the identity provider configuration. Is there a way to change this this parameter without creating an own implementation of the identity provider? {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)