Maximum Read Time

[seanlon11]

I have a simple query that finds all groups for a given Distinguished Name:

public List getAllGroupsForDistinguishedName(String distinguishedName) {

AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "group"));
filter.and(new EqualsFilter("member", distinguishedName));
System.out.println(filter.encode());
ldapTemplate.setIgnorePartialResultException(true) ;

return ldapTemplate.search(this.base,
filter.encode(),
new AttributesMapper() {
public Object mapFromAttributes(Attributes attrs)
throws NamingException {
return attrs.get("cn").get();
}
});

}

For the most part, this query works fine and completes in a couple of seconds. However, every so often there are issues somewhere in the network, and causes the retrieval of these groups to take 10 minutes.

While we are trying to figure out what is wrong with our system, it'd be nice if I could set a maximum amount of time that this query can execute, and if it reaches that time, then retry it a certain number of times before it completely fails.

I thought a timeout would work, but I am not sure if that is the route I want to pursue.

Thanks,
Sean

[seanlon11]

What is extremely odd is that if I run the query without Spring LDAP, and just use the JNDI features of Java, the query returns normally.

What would cause Spring LDAP to take a few minutes to return my groups, but the JNDI returns my groups in a matter of milliseconds.

package test.com.company.ldap;

import java.util.Hashtable;

import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.apache.commons.lang.StringUtils;

public class MemberOfTest{
private static final String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
private static final String connectionURL = "ldap://prodldap.mycompany.com";
private static final String connectionName = "CN=LDAP_WPSBIND,OU=Portal,OU=Applications,OU=Serv ers,DC=blah,DC=mycompany,DC=com";
private static final String connectionPassword = "jf9%F0rfm";

// Optioanl
private static final String authentication = null;
private static final String protocol = null;

private static String username = "scconlo";

private static final String MEMBER_OF = "memberOf";
private static final String[] attrIdsToSearch = new String[] { MEMBER_OF };
public static final String SEARCH_BY_SAM_ACCOUNT_NAME = "(sAMAccountName=%s)";
public static final String SEARCH_GROUP_BY_GROUP_CN = "(&(objectCategory=group)(cn={0}))";
private static String userBase = "DC=company,DC=corp,DC=com";

public static void main(String[] args) throws NamingException {
Hashtable env = new Hashtable();

// Configure our directory context environment.

env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
env.put(Context.PROVIDER_URL, connectionURL);
env.put(Context.SECURITY_PRINCIPAL, connectionName);
env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
if (authentication != null)
env.put(Context.SECURITY_AUTHENTICATION, authentication);
if (protocol != null)
env.put(Context.SECURITY_PROTOCOL, protocol);

InitialDirContext context = new InitialDirContext(env);
String filter = StringUtils.replace(SEARCH_BY_SAM_ACCOUNT_NAME, "%s", username);
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_ SCOPE);
constraints.setReturningAttributes(attrIdsToSearch );
NamingEnumeration results = context.search(userBase, filter,constraints);
// Fail if no entries found
if (results == null || !results.hasMore()) {
System.out.println("No result found");
return;
}

// Get result for the first entry found
SearchResult result = (SearchResult) results.next();

// Get the entry's distinguished name
NameParser parser = context.getNameParser("");
Name contextName = parser.parse(context.getNameInNamespace());
Name baseName = parser.parse(userBase);

Name entryName = parser.parse(new CompositeName(result.getName()).get(0));

// Get the entry's attributes
Attributes attrs = result.getAttributes();
Attribute attr = attrs.get(attrIdsToSearch[0]);

NamingEnumeration e = attr.getAll();
System.out.println("Group total: " + attr.size());
while (e.hasMore()) {
String value = (String) e.next();
System.out.println(value);
}
}
}

[seanlon11]

Here is my applicationContext.xml that is used within Spring and causes the data to be retrieved extremely slow.

I have tried with setting the "pooled" value to both true and false, and either way it is slow.

Any help would be appreciated.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schem...-beans-2.5.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schem...ng-aop-2.5.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schem...ontext-2.5.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">

<bean id="contextSource" class="org.springframework.ldap.pool.factory.Pooli ngContextSource">
<property name="contextSource" ref="companyContextSource" />
<property name="dirContextValidator" ref="dirContextValidator" />
<property name="testOnBorrow" value="true" />
<property name="testWhileIdle" value="true" />
</bean>

<bean id="dirContextValidator" class="org.springframework.ldap.pool.validation.De faultDirContextValidator" />

<bean id="companyContextSource" class="org.springframework.ldap.core.support.LdapC ontextSource" scope="prototype">
<property name="url" value="ldap://prodldap.company.com" />
<property name="userDn" value="CN=SVC_PORTAL_WPSBIND,OU=Portal,OU=Applicat ions,OU=Servers,DC=extranet,DC=company,DC=corp,DC= com" />
<property name="password" value="secretPassword" />
<property name="pooled" value="true"/>
<property name="referral" value="follow"/>
</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate" scope="prototype">
<constructor-arg ref="contextSource" />
<property name="ignorePartialResultException" value="true"/>
</bean>

<bean id="companyLdapDao" class="com.company.ldap.SpringLdapDao">
<constructor-arg index="0" ref="ldapTemplate"/>
<property name="resetPasswordFlagLeafNodeValue" value="cn=specops-spp-pwdReset"/>
<property name="base" value="DC=company,DC=corp,DC=com"/>
</bean>

<bean id="ldapService" class="com.company.service.LdapService">
<property name="companyLdapDao" ref="companyLdapDao" />
</bean>
</beans>