Grouper Developers Forum

[Chris Hyzer <>]

Fyi this fixed the issue:

 

Just one line in ldap.properties:

 

edu.vt.middleware.ldap.pool.validateOnCheckOut=true

 

Thanks Hans!

 

Chris

 

 

From: [mailto:] On Behalf Of Chris Hyzer
Sent: Monday, June 22, 2015 7:01 PM
To: Internet2/grouper; Internet2/grouper
Cc:
Subject: [grouper-dev] RE: [grouper] Grouper 2.1.5 loses track of ldap connection (#43)

 

Are there vt-ldap settings that might help?

 

Make an ldap.properties in your classpath and maybe try changing some of these:

 

https://code.google.com/p/vt-middleware/wiki/vtldapPooling

 

 

edu.vt.middleware.ldap.pool.validateOnCheckIn	false	whether connections should be validated when objects are returned to the pool
edu.vt.middleware.ldap.pool.validateOnCheckOut	false	whether connections should be validated when objects are loaned out from the pool
edu.vt.middleware.ldap.pool.validatePeriodically	false	whether connections should be validated periodically when the pool is idle
edu.vt.middleware.ldap.pool.pruneTimerPeriod	300000 (5 min)	period at which pool should be pruned
edu.vt.middleware.ldap.pool.validateTimerPeriod	1800000 (30 min)	period at which pool should be validated
edu.vt.middleware.ldap.pool.expirationTime	600000 (10 min)	time an object can stay in the pool before it is considered stale and available for pruning

 

 

edu.vt.middleware.ldap.operationRetry	1	specifies the number of times an LDAP operation will be retried if a retry exception occurs; set to -1 for infinite retries
edu.vt.middleware.ldap.operationRetryWait	0	the amount of time in milliseconds that LDAP operations should wait before retrying
edu.vt.middleware.ldap.operationRetryBackoff	0	factor by which to multiply the operation retry wait time; this allows clients to progressively delay each retry
edu.vt.middleware.ldap.operationRetryExceptions	{CommunicationException, ServiceUnavailableException}	exception classes to retry operations on; supports a comma delimited list for multiple values

 

Not sure if retry will get a new connection… maybe have retry as high as your pool size?  Validate on checkin?  Validate periodically?  Expire the connections after a minute?  Validate every minute? 

 

Let us know if anything works

 

Thanks,

Chris

 

 

 

 

From: Hans Westerbeek []
Sent: Monday, June 22, 2015 7:49 AM
To: Internet2/grouper
Subject: [grouper] Grouper 2.1.5 loses track of ldap connection (#43)

 

Hi,

I am having some issues with the LDAP connection pool managed by Grouper. When grouper first starts up, things are fine. After a period of inactivity (and this occurs more often than not on our test-stage), we are seeing the following exception.

Grouper does not recover from this connection failure. The only remedy I found until now is to restart it.

Is this a known issue? Do other workarounds exist?

2015-06-16 10:55:34,772: [TP-Processor8] ERROR WsGetMembershipsResults.assignResultCodeException(384) - <  gadget - 10.0.0.122 > - clientVersion: 1.6.<

 /span>0, wsGroupLookups: null, wsMemberFilter: All, includeSubjectDetail: false, actAsSubject: null, fieldName: null, fieldType: null, subjectAttributeNames: null

, paramNames: 

, params: null

, wsSubjectLookups: Array size: 1: [0]: WsSubjectLookup[subjectId=urn:collab:person:example.com:admin]

, sourceIds: null

, scope: null, wsStemLookup: null, stemScope: null, enabled: null

, membershipIds: null

, wsStemLookups: null

, wsAttributeDefLookups: null

java.lang.RuntimeException: Cant find subject from login id: gadget

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee$1.callback(GrouperServiceJ2ee.java:261)

    at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:803)

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee.retrieveSubjectLoggedIn(GrouperServiceJ2ee.java:246)

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee.retrieveSubjectActAsHelper(GrouperServiceJ2ee.java:358)

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee.retrieveSubjectActAs(GrouperServiceJ2ee.java:330)

    at edu.internet2.middleware.grouper.ws.util.GrouperServiceUtils.retrieveGrouperSession(GrouperServiceUtils.java:849)

    at edu.internet2.middleware.grouper.ws.GrouperServiceLogic.getMemberships(GrouperServiceLogic.java:1584)

    at edu.internet2.middleware.grouper.ws.coresoap.GrouperService.getMemberships(GrouperService.java:2428)

    at edu.internet2.middleware.grouper.ws.rest.GrouperServiceRest.getMemberships(GrouperServiceRest.java:1285)

    at edu.internet2.middleware.grouper.ws.rest.method.GrouperWsRestGet$7.service(GrouperWsRestGet.java:386)

    at edu.internet2.middleware.grouper.ws.rest.method.GrouperRestHttpMethod$1.service(GrouperRestHttpMethod.java:57)

    at edu.internet2.middleware.grouper.ws.rest.GrouperRestServlet.service(GrouperRestServlet.java:199)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee.doFilter(GrouperServiceJ2ee.java:659)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:558)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)

    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)

    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)

    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)

    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)

    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)

    at java.lang.Thread.run(Thread.java:745)

Caused by: edu.internet2.middleware.subject.SourceUnavailableException: Ldap NamingException: LDAP response read timed out, timeout used:-1ms.

    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:704)

    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:591)

    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:724)

    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:314)

    at edu.internet2.middleware.subject.provider.BaseSourceAdapter.getSubjectByIdOrIdentifier(BaseSourceAdapter.java:164)

    at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$4.callLogic(SourcesXmlResolver.java:517)

    at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$4.callLogic(SourcesXmlResolver.java:514)

    at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$LogLabelCallable.call(SourcesXmlResolver.java:170)

    at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.executeCallables(SourcesXmlResolver.java:231)

    at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdOrIdentifier(SourcesXmlResolver.java:523)

    at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdOrIdentifier(CachingResolver.java:377)

    at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdOrIdentifier(ValidatingResolver.java:202)

    at edu.internet2.middleware.grouper.SubjectFinder.findByIdOrIdentifier(SubjectFinder.java:160)

    at edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee$1.callback(GrouperServiceJ2ee.java:254)

    ... 31 more

Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'dc=sowewhere,dc=nl'

    at com.sun.jndi.ldap.Connection.readReply(Connection.java:483)

    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639)

    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562)

    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)

    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)

    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)

    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)

    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)

    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)

    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)

    at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:215)

    at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)

    at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)

    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:701)

    ... 44 more

—
Reply to this email directly or view it on GitHub.