Grouper Users - Open Discussion List

[Peter DiCamillo <>]

We encountered this problem after updating to Java 7. There is a read timeout for the connection itself, and when the default is used it's logged as -1 instead of the actual value. You can have sources.xml refer to an ldap.properties file:

    <init-param>
      <param-name>ldapProperties_file</param-name>
      <param-value>/ldap.properties</param-value>

The solution for us was to add this to ldap.properties:

# set the global read timeout (for the LDAP context) to 5 minutes
com.sun.jndi.ldap.read.timeout=300000

I can confirm that when you do that it's honored by Grouper.

Peter

On 9/13/17 10:37 AM, Jared Hoffman wrote:

When we have several grouper loader jobs running we occasionally get timed out errors for some loader jobs. We still use the sources.xml config (plan on patching to current in October break maintenance window). 

The "timeout used" in the error is -1, so I'm wondering if that is an unlimited timeout. Or if there is a timeout setting we haven't found. We tried adding "ldap.personLdap.timeout = 5000" to grouper-loader.properties, but I think that needs to be closer to the sources.xml AD/LDAP config.  

I read through this thread from the list but we don't have an ldap.properties config. We are using the sources.xml config. Do we need to get all the current patches to be able to set the timeout properly? I could schedule a special maintenance to patch if it would be easier to manage.

https://lists.internet2.edu/sympa/arc/grouper-users/2016-12/msg00058.html

edu.internet2.middleware.subject.SourceUnavailableException: Ldap NamingException: LDAP response read timed out, timeout used:-1ms.

at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:775)

at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:662)

at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:807)

at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubjectByIdentifier(LdapSourceAdapter.java:437)

at edu.internet2.middleware.subject.provider.BaseSourceAdapter.getSubjectsByIdentifiers(BaseSourceAdapter.java:197)

at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$7.callLogic(SourcesXmlResolver.java:1009)

at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$7.callLogic(SourcesXmlResolver.java:1006)

at edu.internet2.middleware.grouper.subj.SourcesXmlResolver$LogLabelCallable.call(SourcesXmlResolver.java:169)

at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.executeCallables(SourcesXmlResolver.java:230)

at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdentifiers(SourcesXmlResolver.java:1015)

at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdentifiers(CachingResolver.java:811)

at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdentifiers(ValidatingResolver.java:282)

at edu.internet2.middleware.grouper.SubjectFinder.findByIdentifiers(SubjectFinder.java:604)

at edu.internet2.middleware.grouper.app.loader.db.GrouperLoaderResultset.bulkLookupSubjects(GrouperLoaderResultset.java:201)

at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$3.runJob(GrouperLoaderType.java:458)

at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:423)

at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:323)

at org.quartz.core.JobRunShell.run(JobRunShell.java:202)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'CN=Users,DC=kenyon,DC=edu'

at com.sun.jndi.ldap.Connection.readReply(Connection.java:483)

at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639)

at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562)

at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)

at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)

at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)

at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)

at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:215)

at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)

at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)

at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:772)

... 18 more

--
Jared Hoffman • Associate Director for Enterprise Infrastructure
Information Technology Services • Kenyon College
• 740.427.5948