3 Replies Latest reply on Jun 20, 2018 6:00 AM by sshriram09

    Set timeouts on AdvancedLdap login module

    geturner

      I have tried to set the standard JNDI LDAP context parameters for read and timeout (ex: com.sun.jndi.ldap.connect.timeout) by setting them as "module-option" name-value pairs in the standalone-full.xml, but nothing seems to take effect.  The documentation states that the default for these values is to wait forever or until a network error is thrown, which is not really usable when your primary AD goes down.

      I see documentation for setting these using "outbound-connections", but that configuration does not seem "probable" when using the AdvancedLdap login module.  Can anyone suggest how to set one or both of these timeout values?

        • 1. Re: Set timeouts on AdvancedLdap login module
          mchoma

          Setting com.sun.jndi.ldap.read.timeout and com.sun.jndi.ldap.connect.timeout as module-option is the correct approach. Why do you use the "ex:" prefix?

          • 2. Re: Set timeouts on AdvancedLdap login module
            geturner

            ex: meant "example".

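            And my solution worked fine:

            import java.util.Map;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import org.jboss.security.negotiation.AdvancedLdapLoginModule;

            public class CustomAdvancedLdapLoginModule extends AdvancedLdapLoginModule {

               // JNDI timeout properties to accept as module-option names
               private static final String[] CUSTOM_VALID_OPTIONS = {
                  "com.sun.jndi.ldap.connect.timeout", "com.sun.jndi.ldap.read.timeout"
               };

               @Override
               public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
                  // Register the extra option names before the parent processes the options
                  addValidOptions(CUSTOM_VALID_OPTIONS);
                  super.initialize(subject, handler, sharedState, options);
               }
            }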

            • 3. Re: Set timeouts on AdvancedLdap login module
              sshriram09

              You can also set them as JAVA_OPTS (-Dcom.sun.jndi.ldap.connect.timeout=5000 -Dcom.sun.jndi.ldap.read.timeout=5000, values in milliseconds) in standalone.conf or when starting EAP as:

               

              ./standalone.sh -c standalone-full.xml -Dcom.sun.jndi.ldap.connect.timeout=5000 -Dcom.sun.jndi.ldap.read.timeout=5000
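
An added stand-alone check, not part of any reply in this thread: it confirms at the plain JNDI level that the two timeout properties make a bind against an unresponsive directory fail fast instead of hanging a login. The class name, the local listening socket standing in for a hung AD, the bind DN, the password and the 2000 ms values are all constructed for the example.

```java
import java.net.ServerSocket;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapTimeoutCheck {

    /** Attempts a simple bind and returns the elapsed time in ms until it fails. */
    static long timeFailedBind(String url, String connectMs, String readMs) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Constructed credentials: a simple bind forces a request that needs a reply
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=probe,dc=example,dc=invalid");
        env.put(Context.SECURITY_CREDENTIALS, "constructed-placeholder");
        // The two properties discussed in the thread, values in milliseconds
        env.put("com.sun.jndi.ldap.connect.timeout", connectMs);
        env.put("com.sun.jndi.ldap.read.timeout", readMs);

        long start = System.nanoTime();
        try {
            new InitialDirContext(env).close();
            throw new IllegalStateException("bind unexpectedly succeeded");
        } catch (NamingException expected) {
            long elapsed = (System.nanoTime() - start) / 1_000_000;
            System.out.println("bind failed after " + elapsed + " ms: " + expected);
            return elapsed;
        }
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for a hung server: the OS completes the TCP handshake,
        // but nothing ever reads the bind request or sends a response.
        try (ServerSocket hung = new ServerSocket(0)) {
            String url = "ldap://127.0.0.1:" + hung.getLocalPort();
            long elapsed = timeFailedBind(url, "2000", "2000");
            // Without the timeouts this call would block indefinitely.
            System.out.println(elapsed < 10_000 ? "PASS: failed fast" : "FAIL: too slow");
        }
    }
}
```

If this passes on the JVM that runs the server but logins still hang, the properties are not reaching the JNDI environment the login module builds.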