Uploaded image for project: 'Directory Studio'
  1. Directory Studio
  2. DIRSTUDIO-1091

Apache DS M10 hangs at 14% when connectiing on Windows 10

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M10 (2.0.0.v20151221-M10)
    • Fix Version/s: 2.0.0-M11, 2.0.0-M12
    • Component/s: studio-connection
    • Labels:
      None
    • Environment:
      Windows 10, tested with 32-bit java 1.8.0-71.

      Description

      Downloaded 32 bit version of M10 on both Windows 2012R2 and Windows10.
      On Windows 10 I also already had M9.

      I created two connections on both environments, one to an AD and one to an eDirectory and while doing that I confirmed that the connection was valid and the user was correct and the password verification was successful.

      From Windows 2012r" the connections were set up correctly and everything works as expected.

      On Windows 10 the connection stalls at 14% every time, this is verified on another site too.
      On Windows 10 the same connection works if I use M9 instead.
      Since that is on the same computer it has exactly the same values etc.

        Issue Links

          Activity

          Hide
          elecharny Emmanuel Lecharny added a comment -

          This is most likely a problem with the LDAP API (and more specifically with the SSL layer).

          I suggest you switch to JNDI in the connection panel.

          We will have this bug fixed in the next version (the API has already been fixed).

          Show
          elecharny Emmanuel Lecharny added a comment - This is most likely a problem with the LDAP API (and more specifically with the SSL layer). I suggest you switch to JNDI in the connection panel. We will have this bug fixed in the next version (the API has already been fixed).
          Hide
          kwin Konrad Windszus added a comment - - edited

          I have the same problem when connecting using StartTLS and the Apache Directory Client API. Also there is no possibility to stop the connection request. You basically have to kill Apache Directory Studio to escape from that.
          Either disabling the StartTLS encryption or switching to JNDI fixes this.

          Except for fixing the actual issue it would also be good if a user would be able to cancel any connection request.

          Emmanuel Lecharny Can you point me to the according commit and JIRA issue for the API bug?

          Show
          kwin Konrad Windszus added a comment - - edited I have the same problem when connecting using StartTLS and the Apache Directory Client API. Also there is no possibility to stop the connection request. You basically have to kill Apache Directory Studio to escape from that. Either disabling the StartTLS encryption or switching to JNDI fixes this. Except for fixing the actual issue it would also be good if a user would be able to cancel any connection request. Emmanuel Lecharny Can you point me to the according commit and JIRA issue for the API bug?
          Hide
          elecharny Emmanuel Lecharny added a comment -

          This is a MINA issue, likely this one :

          https://issues.apache.org/jira/browse/DIRMINA-1023?jql=project%20%3D%20DIRMINA

          Again, I strongly suggest you check with JNDI to see if it's any better.

          In any case, the LDAP API has switched to MINA 2.0.13 and should be released soon, so will Studio.

          Show
          elecharny Emmanuel Lecharny added a comment - This is a MINA issue, likely this one : https://issues.apache.org/jira/browse/DIRMINA-1023?jql=project%20%3D%20DIRMINA Again, I strongly suggest you check with JNDI to see if it's any better. In any case, the LDAP API has switched to MINA 2.0.13 and should be released soon, so will Studio.
          Hide
          joakim_ganse Joakim Ganse added a comment -

          I just tried with switching to the JNDI and it still halts at 14% so that is unfortunately not a solution.

          For now I will use M9 if this is resolved in the next version.
          Is the code in a nightly build? That would be interesting to try.

          Show
          joakim_ganse Joakim Ganse added a comment - I just tried with switching to the JNDI and it still halts at 14% so that is unfortunately not a solution. For now I will use M9 if this is resolved in the next version. Is the code in a nightly build? That would be interesting to try.
          Hide
          elecharny Emmanuel Lecharny added a comment -
          Show
          elecharny Emmanuel Lecharny added a comment - Can you try with that : https://builds.apache.org/job/dir-studio/ ?
          Hide
          kwin Konrad Windszus added a comment -

          Just to clarify that again:
          For me switching to JNDI works perfectly fine.

          Show
          kwin Konrad Windszus added a comment - Just to clarify that again: For me switching to JNDI works perfectly fine.
          Hide
          kwin Konrad Windszus added a comment -

          I just tried with Version: 2.0.0.v20160217 and it still is hanging at 14% with StartTLS and LDAP API.
          I can see that even with that Apache Directory Studio version the following plugins are delivered

          1. Apache MINA Core 2.0.10
          2. Apache Directory LDAP API Network MINA 1.0.0M33

          So this cannot yet fix the issue https://issues.apache.org/jira/browse/DIRMINA-1023.

          Show
          kwin Konrad Windszus added a comment - I just tried with Version: 2.0.0.v20160217 and it still is hanging at 14% with StartTLS and LDAP API. I can see that even with that Apache Directory Studio version the following plugins are delivered Apache MINA Core 2.0.10 Apache Directory LDAP API Network MINA 1.0.0M33 So this cannot yet fix the issue https://issues.apache.org/jira/browse/DIRMINA-1023 .
          Hide
          joakim_ganse Joakim Ganse added a comment -

          Further testing.
          LDAP or JNDI interface seems to be the same.
          The only solution that I have stumbled upon is that if I make a successfull unencrypted connection (port 389) first then all subsequent ssl connections will function no matter what interface I am using.

          Show
          joakim_ganse Joakim Ganse added a comment - Further testing. LDAP or JNDI interface seems to be the same. The only solution that I have stumbled upon is that if I make a successfull unencrypted connection (port 389) first then all subsequent ssl connections will function no matter what interface I am using.
          Hide
          elecharny Emmanuel Lecharny added a comment -

          Ok, thanks for having tested that. It makes perfect sense. We have to bump up the dependencis in our nightly build.

          Show
          elecharny Emmanuel Lecharny added a comment - Ok, thanks for having tested that. It makes perfect sense. We have to bump up the dependencis in our nightly build.
          Hide
          elecharny Emmanuel Lecharny added a comment -

          Now, that is weird.

          I would suggest you fist quit Studio, restart it, select your connection, use JNDI, and see if it's working or not.

          Show
          elecharny Emmanuel Lecharny added a comment - Now, that is weird. I would suggest you fist quit Studio, restart it, select your connection, use JNDI, and see if it's working or not.
          Hide
          elecharny Emmanuel Lecharny added a comment -

          For the record, the bug was tracked down by Radovan two weeks ago, and he found that AD has a weird way to end the TLS handshake negociation, leading to a deadlock in MINA (the network layer we use for the API).

          Show
          elecharny Emmanuel Lecharny added a comment - For the record, the bug was tracked down by Radovan two weeks ago, and he found that AD has a weird way to end the TLS handshake negociation, leading to a deadlock in MINA (the network layer we use for the API).
          Hide
          kwin Konrad Windszus added a comment -

          For me the issue occurs with OpenLDAP (not with AD).

          Show
          kwin Konrad Windszus added a comment - For me the issue occurs with OpenLDAP (not with AD).
          Hide
          joakim_ganse Joakim Ganse added a comment -

          Tried that and it doesn't matter.

          What does work is to do an 389 connection and all connections after that works even if I shut down of change interface.

          I can only verify this to AD since that by strange reasons it defaults to allow 389. Since eDirectory does not allow unencrypted connections I have not verified this there.

          I also find it strange that it only appears on the Windows 10 workstation. From other clients it works fine.

          Show
          joakim_ganse Joakim Ganse added a comment - Tried that and it doesn't matter. What does work is to do an 389 connection and all connections after that works even if I shut down of change interface. I can only verify this to AD since that by strange reasons it defaults to allow 389. Since eDirectory does not allow unencrypted connections I have not verified this there. I also find it strange that it only appears on the Windows 10 workstation. From other clients it works fine.
          Hide
          elecharny Emmanuel Lecharny added a comment -

          Yes, the issue can occur when you have some large packet being exchanged.

          Show
          elecharny Emmanuel Lecharny added a comment - Yes, the issue can occur when you have some large packet being exchanged.
          Hide
          joakim_ganse Joakim Ganse added a comment -

          Sorry for being stupid

          I just realized there are two places to change the interface.
          1. the suggested default from window - preferences - apache directory studio - connections. This obviously works for new servers that are added.

          2. Right click the persent connection and select properties, change provider.

          If I cange the provider to JNDI using method 2 so it actually changes for my connetion it all works.

          So you are as expected correct in your assumption it is a bug in the LDAP api, use JNDI works.

          cheers

          Show
          joakim_ganse Joakim Ganse added a comment - Sorry for being stupid I just realized there are two places to change the interface. 1. the suggested default from window - preferences - apache directory studio - connections. This obviously works for new servers that are added. 2. Right click the persent connection and select properties, change provider. If I cange the provider to JNDI using method 2 so it actually changes for my connetion it all works. So you are as expected correct in your assumption it is a bug in the LDAP api, use JNDI works. cheers
          Hide
          seelmann Stefan Seelmann added a comment -

          Caused by DIRMINA-1023 which is fixed and integrated in M11/M12.

          Show
          seelmann Stefan Seelmann added a comment - Caused by DIRMINA-1023 which is fixed and integrated in M11/M12.

            People

            • Assignee:
              Unassigned
              Reporter:
              joakim_ganse Joakim Ganse
            • Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development