« Previous | Next » 

Revision 3155

Added by Chris Jones over 17 years ago

As a partial fix to,

I'm applying 3 patches to that simplify the code that addresses
timeout issues when connecting and searching referral LDAP databases, fixes the
getGroups() method to correctly get groups in referral LDAP databases, and does
code cleanup.

This first patch introduces 3 new LDAP settings that are derived from

1) ldapconnecttimelimit limits the time in milliseconds allowed for
LDAP server connections. This reduces the impact of any single
LDAP directory that may be unreachable (one of the referrals).

2) ldapsearchtimelimit limits the time in milliseconds allowed for
LDAP server searches. Again, servers with massive trees to search
might prove to be problematic, or servers that connect but do not
search correctly.

3) ldapsearchcountlimit limits the number of return entries allowed
for LDAP server searches. This is set pretty high (30000), but may
need to be altered when the KNB goes gold or platinum.

Also, this patch removes the run() method and the private GetGroups class,
and changes the AuthLdap class to not implement the Runnable interface.
These changes are in preparation for the next patch that will re-implement
the getGroups() method, removing the threaded timeout code.

  • added
  • modified
  • copied
  • renamed
  • deleted