Commit 4755fbec authored by Alex Mateescu's avatar Alex Mateescu Committed by alexm

OF-704 Made LDAP connection timeout configurable for non-SSL connections

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13754 b35dd754-fafc-0310-a699-88a17e54d16e
parent f96fceeb
...@@ -161,6 +161,7 @@ public class LdapManager { ...@@ -161,6 +161,7 @@ public class LdapManager {
private Collection<String> hosts = new ArrayList<String>(); private Collection<String> hosts = new ArrayList<String>();
private int port; private int port;
private int connTimeout = -1;
private int readTimeout = -1; private int readTimeout = -1;
private String usernameField; private String usernameField;
private String usernameSuffix; private String usernameSuffix;
...@@ -189,7 +190,7 @@ public class LdapManager { ...@@ -189,7 +190,7 @@ public class LdapManager {
private boolean posixMode = false; private boolean posixMode = false;
private String groupSearchFilter = null; private String groupSearchFilter = null;
private Map<String, String> properties; private final Map<String, String> properties;
/** /**
* Provides singleton access to an instance of the LdapManager class. * Provides singleton access to an instance of the LdapManager class.
...@@ -263,6 +264,15 @@ public class LdapManager { ...@@ -263,6 +264,15 @@ public class LdapManager {
Log.error(nfe.getMessage(), nfe); Log.error(nfe.getMessage(), nfe);
} }
} }
String cTimeout = properties.get("ldap.connectionTimeout");
if (cTimeout != null) {
try {
this.connTimeout = Integer.parseInt(cTimeout);
}
catch (NumberFormatException nfe) {
Log.error(nfe.getMessage(), nfe);
}
}
String timeout = properties.get("ldap.readTimeout"); String timeout = properties.get("ldap.readTimeout");
if (timeout != null) { if (timeout != null) {
try { try {
...@@ -471,9 +481,10 @@ public class LdapManager { ...@@ -471,9 +481,10 @@ public class LdapManager {
boolean debug = Log.isDebugEnabled(); boolean debug = Log.isDebugEnabled();
if (debug) { if (debug) {
Log.debug("LdapManager: Creating a DirContext in LdapManager.getContext()..."); Log.debug("LdapManager: Creating a DirContext in LdapManager.getContext()...");
if (!sslEnabled && !startTlsEnabled) if (!sslEnabled && !startTlsEnabled) {
Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!"); Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!");
} }
}
// Set up the environment for creating the initial context // Set up the environment for creating the initial context
Hashtable<String, Object> env = new Hashtable<String, Object>(); Hashtable<String, Object> env = new Hashtable<String, Object>();
...@@ -508,9 +519,9 @@ public class LdapManager { ...@@ -508,9 +519,9 @@ public class LdapManager {
env.put("com.sun.jndi.ldap.trace.ber", System.err); env.put("com.sun.jndi.ldap.trace.ber", System.err);
} }
if (connectionPoolEnabled) { if (connectionPoolEnabled) {
if (!startTlsEnabled) if (!startTlsEnabled) {
env.put("com.sun.jndi.ldap.connect.pool", "true"); env.put("com.sun.jndi.ldap.connect.pool", "true");
else { } else {
if (debug) { if (debug) {
// See http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html // See http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html
// "When Not to Use Pooling" // "When Not to Use Pooling"
...@@ -518,8 +529,9 @@ public class LdapManager { ...@@ -518,8 +529,9 @@ public class LdapManager {
} }
env.put("com.sun.jndi.ldap.connect.pool", "false"); env.put("com.sun.jndi.ldap.connect.pool", "false");
} }
} else } else {
env.put("com.sun.jndi.ldap.connect.pool", "false"); env.put("com.sun.jndi.ldap.connect.pool", "false");
}
if (followReferrals) { if (followReferrals) {
env.put(Context.REFERRAL, "follow"); env.put(Context.REFERRAL, "follow");
...@@ -539,8 +551,9 @@ public class LdapManager { ...@@ -539,8 +551,9 @@ public class LdapManager {
if (debug) { if (debug) {
Log.debug("LdapManager: ... StartTlsRequest"); Log.debug("LdapManager: ... StartTlsRequest");
} }
if (followReferrals) if (followReferrals) {
Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals"); Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
}
// Perform a StartTLS extended operation // Perform a StartTLS extended operation
StartTlsResponse tls = (StartTlsResponse) StartTlsResponse tls = (StartTlsResponse)
...@@ -572,11 +585,12 @@ public class LdapManager { ...@@ -572,11 +585,12 @@ public class LdapManager {
context.addToEnvironment( context.addToEnvironment(
Context.SECURITY_PRINCIPAL, Context.SECURITY_PRINCIPAL,
adminDN); adminDN);
if (adminPassword != null) if (adminPassword != null) {
context.addToEnvironment( context.addToEnvironment(
Context.SECURITY_CREDENTIALS, Context.SECURITY_CREDENTIALS,
adminPassword); adminPassword);
} }
}
} catch (java.io.IOException ex) { } catch (java.io.IOException ex) {
Log.error(ex.getMessage(), ex); Log.error(ex.getMessage(), ex);
} }
...@@ -602,9 +616,10 @@ public class LdapManager { ...@@ -602,9 +616,10 @@ public class LdapManager {
if (debug) { if (debug) {
Log.debug("LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: " + userDN + "..."); Log.debug("LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: " + userDN + "...");
if (!sslEnabled && !startTlsEnabled) if (!sslEnabled && !startTlsEnabled) {
Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!"); Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!");
} }
}
JiveInitialLdapContext ctx = null; JiveInitialLdapContext ctx = null;
try { try {
...@@ -625,15 +640,19 @@ public class LdapManager { ...@@ -625,15 +640,19 @@ public class LdapManager {
env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN); env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.SECURITY_CREDENTIALS, password);
} else { } else {
if (followReferrals) if (followReferrals) {
Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals"); Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
} }
}
// Specify timeout to be 10 seconds, only on non SSL since SSL connections // Set only on non SSL since SSL connections break with a timeout.
// break with a timeout.
if (!sslEnabled) { if (!sslEnabled) {
if (connTimeout > 0) {
env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(connTimeout));
} else {
env.put("com.sun.jndi.ldap.connect.timeout", "10000"); env.put("com.sun.jndi.ldap.connect.timeout", "10000");
} }
}
if (readTimeout > 0) { if (readTimeout > 0) {
env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout)); env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout));
} }
...@@ -1412,11 +1431,12 @@ public class LdapManager { ...@@ -1412,11 +1431,12 @@ public class LdapManager {
* @return the starting DN used for performing searches. * @return the starting DN used for performing searches.
*/ */
public String getBaseDN() { public String getBaseDN() {
if (encloseDNs) if (encloseDNs) {
return getEnclosedDN(baseDN); return getEnclosedDN(baseDN);
else } else {
return baseDN; return baseDN;
} }
}
/** /**
* Sets the starting DN that searches for users will performed with. * Sets the starting DN that searches for users will performed with.
...@@ -1517,11 +1537,12 @@ public class LdapManager { ...@@ -1517,11 +1537,12 @@ public class LdapManager {
* @return the starting DN used for performing searches. * @return the starting DN used for performing searches.
*/ */
public String getAdminDN() { public String getAdminDN() {
if (encloseDNs) if (encloseDNs) {
return getEnclosedDN(adminDN); return getEnclosedDN(adminDN);
else } else {
return adminDN; return adminDN;
} }
}
/** /**
* Sets the starting admin DN that searches for admins will performed with. * Sets the starting admin DN that searches for admins will performed with.
...@@ -1831,7 +1852,9 @@ public class LdapManager { ...@@ -1831,7 +1852,9 @@ public class LdapManager {
} }
Boolean clientSideSort = false; Boolean clientSideSort = false;
String clientSideSortStr = properties.get("ldap.clientSideSorting"); String clientSideSortStr = properties.get("ldap.clientSideSorting");
if (clientSideSortStr != null) clientSideSort = Boolean.valueOf(clientSideSortStr); if (clientSideSortStr != null) {
clientSideSort = Boolean.valueOf(clientSideSortStr);
}
LdapContext ctx = null; LdapContext ctx = null;
LdapContext ctx2 = null; LdapContext ctx2 = null;
try { try {
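Review bot: In the `@@ -625,15 +640,19 @@` hunk a configured `ldap.connectionTimeout` of 0 or a negative value silently falls back to the hard-coded `"10000"`, and the rewritten comment no longer mentions that default, which the old comment at least named. I would make the fallback explicit: `// Default to 10 s when ldap.connectionTimeout is unset or not positive; set only on non-SSL since SSL connections break with a timeout.` The parse block added at `@@ -263,6 +264,15 @@` logs only `nfe.getMessage()`, which for NumberFormatException is the offending string without the property name, so `Log.error("Invalid ldap.connectionTimeout value: " + cTimeout, nfe);` would tell the operator which setting to fix (the existing readTimeout block has the same shape, so adjust both or neither). The new `connTimeout` field at `@@ -161,6 +161,7 @@` has no Javadoc; a one-line comment stating the millisecond unit and that -1 means unset would help. The enclosing method of the timeout hunk starts and ends outside the hunk.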