2 Replies Latest reply on Oct 4, 2016 3:06 PM by Simranjit Singh

    Set timeout property for ldap Connections

    Simranjit Singh Newbie



      i am getting a socket closed exception in the logs.

      TRACE [org.jboss.as.domain.management.security] (management task-2) Unable to verify identity.: javax.naming.ServiceUnavailableException: <my_ldapserver>:636; socket closed


      Is there any way i can increase the time out for ldap.


      I tried adding properties in outbound configuration in ldap, but it does not seem to work.


      <property name="com.sun.jndi.ldap.connect.timeout" value="100000" />

          <property name="com.sun.jndi.ldap.read.timeout" value="200000" />


      Can anybody please help me on this issue ?


      Message was edited by: Simranjit Singh

        • 1. Re: Set timeout property for ldap Connections
          Martin Choma Master



          probably it has nothing to do with timeouts.


          you are connecting to port 636, what use to be ldaps protocol (ldap over TLS).  And you get "Unable to verify identity" , so probably your truststore doesn't contain proper certificate of server.


          Does it work on non-secured connection?



          • 2. Re: Set timeout property for ldap Connections
            Simranjit Singh Newbie

            Hi Martin,


            I am not using any truststore for connecting to ldap Server.

            Below is the snippet from standalone.xml configuration for ldap


            <security-realm name="ManagementRealm">


              <ldap connection="LDAP" base-dn="ou=divisions,dc=corp,dc=mydomain,dc=com" recursive="false">

              <advanced-filter filter="(&amp;(sAMAccountName={%v})(objectcategory=user)(memberOf=cn=xxxx,ou=Service Accounts,dc=corp,dc=mydomain,dc=com))"/>



                            <authorization map-groups-to-roles="false">

                                <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>





              <ldap name="LDAP" url="ldap://ldapserver_name:636/" search-dn="cn=xxxx,ou=Service Accounts,dc=corp,dc=mydomain,dc=com" search-credential="password">


                 <property name="com.sun.jndi.ldap.read.timeout" value="1000" />