[Issue 9488] New: Tomcat Application hangs when user tries to login via opendlap authentication
https://bugs.openldap.org/show_bug.cgi?id=9488
Issue ID: 9488 Summary: Tomcat Application hangs when user tries to login via opendlap authentication Product: OpenLDAP Version: 2.4.32 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: chandan.cse06217@gmail.com Target Milestone: ---
Hi Experts,
I am facing an issue often that my tomcat application hangs, when large no of users attempt login in short span of time authenticating via openLDAP.
I have a mirror mode replication configured and writes are going to one of the slapd instance.
Below is the stack trace: at com.sun.jndi.ldap.Connection.readReply(Connection.java:467) - locked <0x00000007505767c8> (a com.sun.jndi.ldap.LdapRequest) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
Issue goes away when i restart tomcat. Can you please advise.
https://bugs.openldap.org/show_bug.cgi?id=9488
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- As restarting resolves the problem, I would suggest contacting the Tomcat developers as there is no indication here of an OpenLDAP issue.
I would note that JNDI is known to be an extremely flawed LDAP API for Java. There are better solutions out there, such as the Apache DS project LDAP API.
https://bugs.openldap.org/show_bug.cgi?id=9488
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org --- Specifically, as restarting Tomcat resolves the issue.. This does not appear to indicate a problem on the OpenLDAP Side.
I would note that OpenLDAP 2.4.32 is years out of date, you should be using a current release.
https://bugs.openldap.org/show_bug.cgi?id=9488
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9488
--- Comment #3 from chantechie chandan.cse06217@gmail.com --- Appreciate your speedy response on this, but tomcat Devs are saying that application is waiting for response from openLDAP, that is the reason threads are in waiting state and threads are waiting forever as no ldap connection timeout is defined in Java code.
Can we conclude from openLDAP logs, that ldap doesn't have any issues.
https://bugs.openldap.org/show_bug.cgi?id=9488
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to chantechie from comment #3)
Appreciate your speedy response on this, but tomcat Devs are saying that application is waiting for response from openLDAP, that is the reason threads are in waiting state and threads are waiting forever as no ldap connection timeout is defined in Java code.
Can we conclude from openLDAP logs, that ldap doesn't have any issues.
The ITS system is not a support channel. If you have support questions, you can try using the openldap-technical@openldap.org mailing list. If you want to pay for support, there is a list of companies that provide paid support listed on the website.
Again, the version you state you are using is 8 years old. The current release is 2.4.57. It's possible you've hit a bug in that ancient of a release, but no one's going to try and track that down for you.
If you want to try the -technical route, you'll need to provide logs from the server at stats level that demonstrate that tomcat sent a request for which openldap never responded back. And again, you'd need to do that running a current release.
https://bugs.openldap.org/show_bug.cgi?id=9488
--- Comment #5 from chantechie chandan.cse06217@gmail.com --- Thanks I will open request in mailing list.
-
openldap-its@openldap.org