Clebert Suconic 2020-01-08 12:38:27 -05:00
commit 6bbd2bf857
2 changed files with 35 additions and 5 deletions


@ -89,6 +89,7 @@ public class LDAPLoginModule implements LoginModule {
private static final String PASSWORD_CODEC = "passwordCodec"; private static final String PASSWORD_CODEC = "passwordCodec";
private static final String CONNECTION_POOL = "connectionPool"; private static final String CONNECTION_POOL = "connectionPool";
private static final String CONNECTION_TIMEOUT = "connectionTimeout"; private static final String CONNECTION_TIMEOUT = "connectionTimeout";
private static final String READ_TIMEOUT = "readTimeout";
protected DirContext context; protected DirContext context;
@ -135,7 +136,8 @@ public class LDAPLoginModule implements LoginModule {
new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL)), new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL)),
new LDAPLoginProperty(IGNORE_PARTIAL_RESULT_EXCEPTION, (String) options.get(IGNORE_PARTIAL_RESULT_EXCEPTION)), new LDAPLoginProperty(IGNORE_PARTIAL_RESULT_EXCEPTION, (String) options.get(IGNORE_PARTIAL_RESULT_EXCEPTION)),
new LDAPLoginProperty(CONNECTION_POOL, (String) options.get(CONNECTION_POOL)), new LDAPLoginProperty(CONNECTION_POOL, (String) options.get(CONNECTION_POOL)),
new LDAPLoginProperty(CONNECTION_TIMEOUT, (String) options.get(CONNECTION_TIMEOUT))}; new LDAPLoginProperty(CONNECTION_TIMEOUT, (String) options.get(CONNECTION_TIMEOUT)),
new LDAPLoginProperty(READ_TIMEOUT, (String) options.get(READ_TIMEOUT))};
if (isLoginPropertySet(AUTHENTICATE_USER)) { if (isLoginPropertySet(AUTHENTICATE_USER)) {
authenticateUser = Boolean.valueOf(getLDAPPropertyValue(AUTHENTICATE_USER)); authenticateUser = Boolean.valueOf(getLDAPPropertyValue(AUTHENTICATE_USER));
@ -640,6 +642,9 @@ public class LDAPLoginModule implements LoginModule {
if (isLoginPropertySet(CONNECTION_TIMEOUT)) { if (isLoginPropertySet(CONNECTION_TIMEOUT)) {
env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(CONNECTION_TIMEOUT)); env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(CONNECTION_TIMEOUT));
} }
if (isLoginPropertySet(READ_TIMEOUT)) {
env.put("com.sun.jndi.ldap.read.timeout", getLDAPPropertyValue(READ_TIMEOUT));
}
// handle LDAP referrals // handle LDAP referrals
// valid values are "throw", "ignore" and "follow" // valid values are "throw", "ignore" and "follow"
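Review bot: The new `env.put("com.sun.jndi.ldap.read.timeout", getLDAPPropertyValue(READ_TIMEOUT))` forwards the raw option string to JNDI without checking that it is a positive integer. A malformed value would therefore presumably surface only when the directory context is opened during a login attempt, not when the module is configured. Parsing it once before the put would fail fast, for example `String readTimeout = getLDAPPropertyValue(READ_TIMEOUT);` then `Integer.parseInt(readTimeout);` then `env.put("com.sun.jndi.ldap.read.timeout", readTimeout);`. Because the option stays unset by default, an unresponsive directory server can still block the authenticating thread indefinitely, so a comment such as `// no read timeout configured: LDAP reads block until the server answers` on the unset path would make that availability risk visible to operators. The enclosing method starts and ends outside this hunk, and the neighbouring `CONNECTION_TIMEOUT` branch passes its value through the same way.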


@ -608,12 +608,37 @@ system. It is implemented by
for the connection to the directory server. This option must be set explicitly for the connection to the directory server. This option must be set explicitly
to an empty string, because it has no default value. to an empty string, because it has no default value.
- `connectionPool`. boolean, enable the ldap connection pool property - `connectionPool` - boolean, enable the LDAP connection pool property
'com.sun.jndi.ldap.connect.pool'. Note that the pool is [configured at the jvm level with system properties](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html). 'com.sun.jndi.ldap.connect.pool'. Note that the pool is
[configured at the jvm level with system properties](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html).
- `connectionTimeout` - specifies the string representation of an integer
representing the connection timeout in milliseconds. If the LDAP provider
cannot establish a connection within that period, it aborts the connection
attempt. The integer should be greater than zero. An integer less than or
equal to zero means to use the network protocol's (i.e., TCP's) timeout
value.
- `connectionTimeout`. String milliseconds, that can time limit a ldap connection If `connectionTimeout` is not specified, the default is to wait for the
attempt. The default is infinite. connection to be established or until the underlying network times out.
When connection pooling has been requested for a connection, this property
also determines the maximum wait time for a connection when all connections
in the pool are in use and the maximum pool size has been reached. If the
value of this property is less than or equal to zero under such
circumstances, the provider will wait indefinitely for a connection to
become available; otherwise, the provider will abort the wait when the
maximum wait time has been exceeded. See `connectionPool` for more details.
- `readTimeout` - specifies the string representation of an integer representing
the read timeout in milliseconds for LDAP operations. If the LDAP provider
cannot get a LDAP response within that period, it aborts the read attempt.
The integer should be greater than zero. An integer less than or equal to
zero means no read timeout is specified which is equivalent to waiting for
the response infinitely until it is received.
If `readTimeout` is not specified, the default is to wait for the response
until it is received.
- `userBase` - selects a particular subtree of the DIT to search for user - `userBase` - selects a particular subtree of the DIT to search for user
entries. The subtree is specified by a DN, which specifes the base node of entries. The subtree is specified by a DN, which specifes the base node of