Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-403

IDM not able to handle Ldap server restarts

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • PLINK_2.6.0.CR3
    • PLINK_2.6.0.CR1
    • IDM
    • None

    Description

      I have application, which is using Picketlink+Ldap. Now when I restart my Ldap server, I am not able to use my application anymore. It fails with exceptions like:

      16:22:52,806 ERROR [org.picketlink.idm.identity.store.ldap] Could not query server using DN [ou=People,o=portal,o=gatein,dc=example,dc=com] and filter [(&((uid=joseph)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))]
javax.naming.CommunicationException: connection closed [Root exception is java.io.IOException: connection closed]; remaining name 'ou=People,o=portal,o=gatein,dc=example,dc=com'
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1983)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
	at org.picketlink.idm.ldap.internal.LDAPOperationManager.search(LDAPOperationManager.java:249)
	at org.picketlink.idm.ldap.internal.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:213)
	at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:137)
	at org.picketlink.idm.model.basic.BasicModel.getUser(BasicModel.java:89)
	at 
....
Caused by: java.io.IOException: connection closed
	at com.sun.jndi.ldap.LdapClient.ensureOpen(LdapClient.java:1558)
	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:503)
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
	... 59 more

      As a workaround, I need to either restart my application, or reinitialize whole IDM including PartitionManager. The cause seems to be in the fact that LdapOperationManager uses just single LdapContext created at the construction time of LdapOperationManager. It seems that when underlying connection is closed, the LdapOperationManager.context object is unusable.

      The solution might be to introduce support for connection pools (Note that GateIn+Picketlink IDM 1.X uses connection pooling and is able to handle Ldap restarts correctly)

      Attachments

        Issue Links

          relates to

          Feature Request - Feature requests from customers and/or users PLINK-385 Support connection pooling when using the LDAP Identity Store

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              anil.saldhana Anil Saldanha (Inactive)
              mposolda@redhat.com Marek Posolda
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: