Decription: If JNDI connection pooling (Pool Size = 1) & Read Timeout property (200) is configured in the LdapContext and search operation is performed on that LdapContext but because of bad network or some other issues search operation fails with “Response Timeout Error” then all the search operations performed either on the same LdapContext or new LdapContext (with Pool Size = 1 & Read timeout=200 properties configured) afterwards will also fail with same “Response Timeout Error” instead of getting passed considering no network issues in this case.
Steps to reproduce:
Write a Java class using the below mentioned code snippet:
//Setting up environment properties
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "LDAP://" + "HOST_NAME" + ":" + 389);
env.put(Context.SECURITY_PRINCIPAL, "BIND_DN");
env.put(Context.SECURITY_CREDENTIALS, "PASSWORD");
env.put("com.sun.jndi.ldap.connect.pool", "true");
//Defining Ldap Context
LdapContext context = null;
//CASE-1
//Setting the read time out value
env.put("com.sun.jndi.ldap.read.timeout", "200");
//Create the Ldap Context object using the above configured environment properties
context = createLdapContext(env);
//Perform the LDAP Search operation on the above created context with provided search filter & //base dn to search all the users present under the given base dn
Search(context,"(objectClass=user)","CN=Users,DC=domain,DC=com");
//Close the context so that connection will get release and get back to pool again
closeContext(context);
//CASE-2
//Setting the read time out value
env.put("com.sun.jndi.ldap.read.timeout", "200");
//Create the Ldap Context object using the above configured environment properties
context = createLdapContext(env);
//Perform the LDAP Search operation on the above created context with provided search filter & //base dn to search only single user present under the given base dn
Search(context,"(CN=DUMMY_USER)","CN=Users,DC=domain,DC=com");
//Close the context so that connection will get release and get back to pool again
closeContext(context);
Notes:
Here com.sun.jndi.ldap.read.timeout property should be configured to a value which should be sufficient to search a single user, in our case it is 200 milliseconds.Case-1: In this case we are searching the list of all the users present under the "CN=Users,DC=domain,DC=com" base DN. Ideally this case should fail when run separately as 200 milliseconds is not sufficient time to search list of all users (Consider good network conditions).Case-2: In this case we are searching only a single user CN=DUMMY_USER present under the "CN=Users,DC=domain,DC=com" base DN. Ideally this case should pass as 200 milliseconds is sufficient time to search a single user (Consider good network conditions).
Execute the above written Java class and make sure that network conditions are good at that time i.e. you are able to ping to your LDAP server through the client machine. Now as the read timeout property configured is very less i.e. 200 milliseconds ideally case-2 should get pass as the timeout provided is sufficient to search single user and case-1 should fail as timeout provided is not sufficient to search all the users. But what’s happening is both the cases are getting failed with “Response Timeout Error” on executing the above cases together.
If we run both the cases separately then case-1 is failing & case-2 is passing which shows that in case of JNDI Connection pooling com.sun.jndi.ldap.Connection class persist its state if the search operation on LdapContext fails with “Response Timeout Error”.
Ranch Hand Scavenger Hunt
Number Posts (2/100)
First Post