Tobias Bocanegra created OAK-2897:
-------------------------------------

             Summary: CLONE - Make LDAP connection pool 'testOnBorrow' configurable
                 Key: OAK-2897
                 URL: https://issues.apache.org/jira/browse/OAK-2897
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: auth-ldap
    Affects Versions: 1.2
            Reporter: Tobias Bocanegra
            Assignee: Tobias Bocanegra
            Priority: Minor
             Fix For: 1.3.0, 1.0.14, 1.2.3


Depending on the LDAP server configuration, it fails to connect as the server 
doesn't allow the connection validation query.

It fails on 
{quote}
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233)
at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56)
at org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.connect(LdapIdentityProvider.java:532)
... 92 common frames omitted
{quote}

Based on the customer's analysis of the Oak code, this is the reason it fails:

{quote}
        I think I have found a solution for the problem. While the system is 
initializing the connection it tries to validate the connection. This is the 
reason for the strange search request:

SearchRequest
baseDn : ''
filter : '(objectClass=*)'
scope : base object

Because requests of this kind are not allowed in the client's LDAP system, the 
connection is rejected (as invalid). It is configurable whether the connection 
should be validated. The class 
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider 
contains this code:

if (config.getAdminPoolConfig().getMaxActive() != 0) {
    adminPool = new LdapConnectionPool(adminConnectionFactory);
    adminPool.setTestOnBorrow(true);
    adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
    adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
}

A solution for our problem would most probably be to change the connection pool 
configuration to adminPool.setTestOnBorrow(false);
Sadly, this parameter does not come from the identity provider configuration.

Is there a way to change this parameter without creating our own 
implementation of the identity provider?
{quote}





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
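
The failure mode described in the report, and what turning validation off trades away, as an added example that is not Oak or commons-pool code. It is a simplified model of validate-on-borrow pooling; `Conn`, `Pool`, `validate` and `tryBorrow` are hypothetical names, and the server policy is simulated by a boolean.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.NoSuchElementException;

// Simplified model of validate-on-borrow pooling; not commons-pool or Oak code.
public class BorrowValidationDemo {
    /** Hypothetical stand-in for a pooled LDAP connection. */
    static final class Conn {
        final boolean allowsEmptyBaseSearch; // simulated server policy for baseDn '' with base scope
        boolean open = true;
        Conn(boolean allowsEmptyBaseSearch) { this.allowsEmptyBaseSearch = allowsEmptyBaseSearch; }
    }

    static final class Pool {
        final Deque<Conn> idle = new ArrayDeque<>();
        final boolean serverAllows, testOnBorrow;
        Pool(boolean serverAllows, boolean testOnBorrow) { this.serverAllows = serverAllows; this.testOnBorrow = testOnBorrow; }
        Conn borrow() {
            while (true) {
                boolean fresh = idle.isEmpty();
                Conn c = fresh ? new Conn(serverAllows) : idle.pop();
                if (!testOnBorrow || validate(c)) return c; // handed out unchecked when testing is off
                c.open = false; // failed validation: destroy the connection
                if (fresh) throw new NoSuchElementException(
                        "Could not create a validated object, cause: ValidateObject failed");
                // a stale idle connection was discarded; loop and try the next one
            }
        }
    }

    // Models the validation search from the report: baseDn '', (objectClass=*), base scope.
    static boolean validate(Conn c) { return c.open && c.allowsEmptyBaseSearch; }

    static String tryBorrow(boolean serverAllows, boolean testOnBorrow, boolean staleIdle) {
        Pool pool = new Pool(serverAllows, testOnBorrow);
        if (staleIdle) { Conn dead = new Conn(serverAllows); dead.open = false; pool.idle.push(dead); }
        try { return pool.borrow().open ? "usable connection" : "stale connection handed out"; }
        catch (NoSuchElementException e) { return "failed: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println(tryBorrow(true, true, true));    // permissive server, validation on
        System.out.println(tryBorrow(false, true, false));  // restrictive server, validation on
        System.out.println(tryBorrow(false, false, false)); // restrictive server, validation off
        System.out.println(tryBorrow(false, false, true));  // validation off, dead idle connection
    }
}
```

With validation off, a dead idle connection is only discovered at first use, so callers need their own error handling for that case.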
