problem
When the LDAP server response timed out, CloudStack immediately disables the user.
javax.naming.NamingException: LDAP response read timed out, timeout used: 1000 ms.
User is disabled from here:
|
} catch (NoLdapUserMatchingQueryException e) { |
|
logger.debug(e.getMessage()); |
|
disableUserInCloudStack(userAccount); |
|
} catch (NamingException | IOException e) { |
|
logger.debug("ldap Exception: ",e); |
|
throw new NoLdapUserMatchingQueryException("No Ldap User found for username: "+username); |
versions
ACS 4.20.1
The steps to reproduce the bug
- Keep LDAP server not reachable to the management server (and let the LDAP queries to timeout)
- Login with the LDAP user
What to do about it?
Either ignore the timed out errors from the LDAP server during user queries, or allow re-attempts based the configuration 'incorrect.login.attempts.allowed'.
problem
When the LDAP server response timed out, CloudStack immediately disables the user.
javax.naming.NamingException: LDAP response read timed out, timeout used: 1000 ms.User is disabled from here:
cloudstack/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapAuthenticator.java
Lines 175 to 177 in 6059724
cloudstack/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
Lines 305 to 307 in 6059724
versions
ACS 4.20.1
The steps to reproduce the bug
What to do about it?
Either ignore the timed out errors from the LDAP server during user queries, or allow re-attempts based the configuration 'incorrect.login.attempts.allowed'.