As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747,
I'm applying 3 patches to AuthLdap.java that simplify the code that addresses
timeout issues when connecting and searching referral LDAP databases, fix the
getGroups() method to correctly get groups in referral LDAP databases, and do
code cleanup.
This first patch introduces 3 new LDAP settings that are derived from
metacat.properties:
1) ldapconnecttimelimit limits the time in milliseconds allowed for
LDAP server connections. This reduces the impact of any single
LDAP directory that may be unreachable (one of the referrals).
2) ldapsearchtimelimit limits the time in milliseconds allowed for
LDAP server searches. Again, servers with massive trees to search
might prove to be problematic, or servers that connect but do not
search correctly.
3) ldapsearchcountlimit limits the number of return entries allowed
for LDAP server searches. This is set pretty high (30000), but may
need to be altered when the KNB goes gold or platinum.
Also, this patch removes the run() method and the private GetGroups class,
and changes the AuthLdap class to not implement the Runnable interface.
These changes are in preparation for the next patch that will re-implement
the getGroups() method, removing the threaded timeout code.
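
How three limits like these can bound a referral-following LDAP search without a watchdog thread, as an added example that is not the AuthLdap.java code from this commit. It assumes the standard JNDI LDAP provider; the class name, host, base DN, filter and the two timeout values are constructed placeholders (only the count limit of 30000 is from the message above).

```java
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapLimitsExample {
    public static void main(String[] args) {
        // Constructed stand-in for metacat.properties; timeout values are assumed.
        Properties p = new Properties();
        p.setProperty("ldapconnecttimelimit", "5000");   // ms per server connection
        p.setProperty("ldapsearchtimelimit", "30000");   // ms per search
        p.setProperty("ldapsearchcountlimit", "30000");  // max entries returned

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.org:389"); // placeholder
        env.put(Context.REFERRAL, "follow"); // chase referrals to other directories
        // Provider-level connect timeout (string, milliseconds); it bounds the wait
        // on any single unreachable server, including referral targets.
        env.put("com.sun.jndi.ldap.connect.timeout", p.getProperty("ldapconnecttimelimit"));

        // Search-level limits travel with each search request.
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setTimeLimit(Integer.parseInt(p.getProperty("ldapsearchtimelimit")));
        ctls.setCountLimit(Long.parseLong(p.getProperty("ldapsearchcountlimit")));

        DirContext ctx = null;
        int seen = 0;
        try {
            ctx = new InitialDirContext(env);
            NamingEnumeration<SearchResult> results =
                ctx.search("dc=example,dc=org", "(objectClass=groupOfUniqueNames)", ctls);
            while (results.hasMore()) { // may follow a referral, so it can throw
                results.next();
                seen++;
            }
            System.out.println("entries: " + seen);
        } catch (LimitExceededException e) {
            // Time or size limit hit: entries read so far are a partial result.
            System.err.println("limit reached after " + seen + " entries: " + e);
        } catch (NamingException e) {
            // Includes CommunicationException when a connection times out.
            System.err.println("LDAP failure after " + seen + " entries: " + e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```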