OF-704 Made LDAP connection timeout configurable for non-SSL connections

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13754 b35dd754-fafc-0310-a699-88a17e54d16e

OF-704 Made LDAP connection timeout configurable for non-SSL connections
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13754 b35dd754-fafc-0310-a699-88a17e54d16e
4755fbec · Alex Mateescu · alexm · f96fceeb · 4755fbec
Commit 4755fbec authored Oct 02, 2013 by Alex Mateescu Committed by alexm Oct 02, 2013
Show whitespace changes
Inline Side-by-side

Showing with 240 additions and 217 deletions

LdapManager.java src/java/org/jivesoftware/openfire/ldap/LdapManager.java +240 -217

No files found.
--- a/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
+++ b/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
@@ -161,6 +161,7 @@ public class LdapManager {

    private Collection<String> hosts = new ArrayList<String>();
    private int port;
+    private int connTimeout = -1;
    private int readTimeout = -1;
    private String usernameField;
    private String usernameSuffix;
@@ -189,7 +190,7 @@ public class LdapManager {
    private boolean posixMode = false;
    private String groupSearchFilter = null;

-    private Map<String, String> properties;
+    private final Map<String, String> properties;

    /**
     * Provides singleton access to an instance of the LdapManager class.
@@ -263,6 +264,15 @@ public class LdapManager {
                Log.error(nfe.getMessage(), nfe);
            }
        }
+        String cTimeout = properties.get("ldap.connectionTimeout");
+        if (cTimeout != null) {
+            try {
+                this.connTimeout = Integer.parseInt(cTimeout);
+            }
+            catch (NumberFormatException nfe) {
+                Log.error(nfe.getMessage(), nfe);
+            }
+        }
        String timeout = properties.get("ldap.readTimeout");
        if (timeout != null) {
            try {
@@ -471,9 +481,10 @@ public class LdapManager {
        boolean debug = Log.isDebugEnabled();
        if (debug) {
            Log.debug("LdapManager: Creating a DirContext in LdapManager.getContext()...");
-        	if (!sslEnabled && !startTlsEnabled)
+            if (!sslEnabled && !startTlsEnabled) {
                Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!");
            }
+        }

        // Set up the environment for creating the initial context
        Hashtable<String, Object> env = new Hashtable<String, Object>();
@@ -508,9 +519,9 @@ public class LdapManager {
            env.put("com.sun.jndi.ldap.trace.ber", System.err);
        }
        if (connectionPoolEnabled) {
-        	if (!startTlsEnabled)
+            if (!startTlsEnabled) {
                env.put("com.sun.jndi.ldap.connect.pool", "true");
-        	else { 
+            } else {
                if (debug) {
                    // See http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html
                    // "When Not to Use Pooling"
@@ -518,8 +529,9 @@ public class LdapManager {
                }
                env.put("com.sun.jndi.ldap.connect.pool", "false");
            }
-        } else
+        } else {
            env.put("com.sun.jndi.ldap.connect.pool", "false");
+        }

        if (followReferrals) {
            env.put(Context.REFERRAL, "follow");
@@ -539,8 +551,9 @@ public class LdapManager {
            if (debug) {
                Log.debug("LdapManager: ... StartTlsRequest");
            }
-			if (followReferrals)
+            if (followReferrals) {
                Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
+            }

            // Perform a StartTLS extended operation
            StartTlsResponse tls = (StartTlsResponse)
@@ -572,11 +585,12 @@ public class LdapManager {
                    context.addToEnvironment(
                            Context.SECURITY_PRINCIPAL,
                            adminDN);
-					if (adminPassword != null)
+                    if (adminPassword != null) {
                        context.addToEnvironment(
                                Context.SECURITY_CREDENTIALS,
                                adminPassword);
                    }
+                }
            } catch (java.io.IOException ex) {
                Log.error(ex.getMessage(), ex);
            }
@@ -602,9 +616,10 @@ public class LdapManager {
        if (debug) {
            Log.debug("LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: " + userDN + "...");

-           	if (!sslEnabled && !startTlsEnabled)
+            if (!sslEnabled && !startTlsEnabled) {
                Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!");
            }
+        }

        JiveInitialLdapContext ctx = null;
        try {
@@ -625,15 +640,19 @@ public class LdapManager {
                env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
                env.put(Context.SECURITY_CREDENTIALS, password);
            } else {
-				if (followReferrals)
+                if (followReferrals) {
                    Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
                }
+            }

-			// Specify timeout to be 10 seconds, only on non SSL since SSL connections
-            // break with a timeout.
+            // Set only on non SSL since SSL connections break with a timeout.
            if (!sslEnabled) {
+                if (connTimeout > 0) {
+                    env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(connTimeout));
+                } else {
                    env.put("com.sun.jndi.ldap.connect.timeout", "10000");
                }
+            }
            if (readTimeout > 0) {
                env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout));
            }
@@ -1412,11 +1431,12 @@ public class LdapManager {
     * @return the starting DN used for performing searches.
     */
    public String getBaseDN() {
-        if (encloseDNs)
+        if (encloseDNs) {
            return getEnclosedDN(baseDN);
-        else
+        } else {
            return baseDN;
        }
+    }

    /**
     * Sets the starting DN that searches for users will performed with.
@@ -1517,11 +1537,12 @@ public class LdapManager {
     * @return the starting DN used for performing searches.
     */
    public String getAdminDN() {
-        if (encloseDNs)
+        if (encloseDNs) {
            return getEnclosedDN(adminDN);
-        else
+        } else {
            return adminDN;
        }
+    }

    /**
     * Sets the starting admin DN that searches for admins will performed with.
@@ -1831,7 +1852,9 @@ public class LdapManager {
        }
        Boolean clientSideSort = false;
        String clientSideSortStr = properties.get("ldap.clientSideSorting");
-        if (clientSideSortStr != null) clientSideSort = Boolean.valueOf(clientSideSortStr);
+        if (clientSideSortStr != null) {
+            clientSideSort = Boolean.valueOf(clientSideSortStr);
+        }
        LdapContext ctx = null;
        LdapContext ctx2 = null;
        try {