Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Incomplete
-
1.0.0
-
None
-
Windows, Linux
Description
LdapNetworkConnection.setTimeOut() doesnt work as expected, it doesnt runs into a timeout exception with these value, instead of this you have to use
((LdapNetworkConnection) conn).getConfig().setTimeout(TIMEOUT_LIMIT_SECONDS * 1000L);
Not working code:
try (LdapConnection conn = new LdapNetworkConnection(host, port)) { //set timeout of 3 seconds conn.setTimeout(3000); conn.bind("uid=" + username + ",cn=users,cn=accounts,dc=example,dc=com", password); SearchRequest req = new SearchRequestImpl(); req.setTimeLimit(TIMEOUT_LIMIT_SECONDS); req.setScope(SearchScope.SUBTREE); req.addAttributes("memberOf"); req.setBase(new Dn("cn=users,cn=accounts,dc=example,dc=com")); req.setFilter("(&(uid=" + username + ")(memberOf=cn=" + privilege + ",cn=privileges,cn=pbac,dc=example,dc=com))"); SearchCursor cursor = conn.search(req); if (cursor.next()) { //seems fine so far } else { group = -1; throw new BadCredentialsException("You don't have access to JCroft. Please ask the ops for access!"); } req.abandon(); SearchRequest req2 = new SearchRequestImpl(); req2.setTimeLimit(TIMEOUT_LIMIT_SECONDS); req2.setScope(SearchScope.SUBTREE); req2.addAttributes("memberOf"); req2.setBase(new Dn("cn=users,cn=accounts,dc=example,dc=com")); req2.setFilter("(&(uid=" + username + ")(memberOf=cn=" + privilege2 + ",cn=privileges,cn=pbac,dc=example,dc=com))"); SearchCursor cursor2 = conn.search(req2); if (cursor2.next()) { group = 1; } else { group = 0; } conn.unBind(); } catch (InvalidConnectionException e) { throw new BadCredentialsException("LDAP server is down. Please try again later."); } catch (IOException e) { e.printStackTrace(); throw new BadCredentialsException(ERROR_WHILE_AUTHENTIFICATING); } catch (LdapAuthenticationException ex) { throw new BadCredentialsException("Your credentials were not accepted!"); }
Working example:
try (LdapConnection conn = new LdapNetworkConnection(host, port)) { //set timeout of 3 seconds ((LdapNetworkConnection) conn).getConfig().setTimeout(3 * 1000L); conn.bind("uid=" + username + ",cn=users,cn=accounts,dc=example,dc=com", password); SearchRequest req = new SearchRequestImpl(); req.setTimeLimit(TIMEOUT_LIMIT_SECONDS); req.setScope(SearchScope.SUBTREE); req.addAttributes("memberOf"); req.setBase(new Dn("cn=users,cn=accounts,dc=example,dc=com")); req.setFilter("(&(uid=" + username + ")(memberOf=cn=" + privilege + ",cn=privileges,cn=pbac,dc=example,dc=com))"); SearchCursor cursor = conn.search(req); if (cursor.next()) { //seems fine so far } else { group = -1; throw new BadCredentialsException("You don't have access to JCroft. Please ask the ops for access!"); } req.abandon(); SearchRequest req2 = new SearchRequestImpl(); req2.setTimeLimit(TIMEOUT_LIMIT_SECONDS); req2.setScope(SearchScope.SUBTREE); req2.addAttributes("memberOf"); req2.setBase(new Dn("cn=users,cn=accounts,dc=example,dc=com")); req2.setFilter("(&(uid=" + username + ")(memberOf=cn=" + privilege2 + ",cn=privileges,cn=pbac,dc=example,dc=com))"); SearchCursor cursor2 = conn.search(req2); if (cursor2.next()) { group = 1; } else { group = 0; } conn.unBind(); } catch (InvalidConnectionException e) { throw new BadCredentialsException("LDAP server is down. Please try again later."); } catch (IOException e) { e.printStackTrace(); throw new BadCredentialsException(ERROR_WHILE_AUTHENTIFICATING); } catch (LdapAuthenticationException ex) { throw new BadCredentialsException("Your credentials were not accepted!"); }