LDAP Socket Timeout Exception


Alan Reeves

Mar 23, 2015, 5:34:17 PM
to nxfil...@googlegroups.com
Hi,

I'm considering implementing my NxFilter server on a Hosted VPS Server (Ubuntu).

(Maybe you have some useful advice - is this a sensible idea - assuming that response times are ok?)

However, in testing access to my Ldap Server (using the Test facility in nxfadmin) I get a Socket Timeout.

Log shows following error (DN and IP edited for security)

ERROR [03-23 16:21:03] - uname = uid=xxxxx,cn=users,dc=ldap,dc=xxxxxxxx,dc=com, error = javax.naming.CommunicationException: nn.nn.nn.nn:389 [Root exception is java.net.SocketTimeoutException: connect timed out]

When I test NxFilter running as a VM on my PC, using the same Ldap Server (which is on a remote network), it all works ok. But I get this timeout when I test the VPS.

This looks like it might be a real timeout - is there a way to increase the timeout?

Kind Regards, and thanks for all your help
Alan Reeves

Jinhee

Mar 23, 2015, 7:33:15 PM
to nxfil...@googlegroups.com
Can you connect to your LDAP server from your VPS?

  telnet 192.168.0.100 389

Currently, the connection timeout value is 5 seconds and read timeout value is 20 seconds. I can add some
option for this but I don't think these values are not enough.

Ubuntu on VM is OK. I am running my demo site having NxFilter and NxFilter-Cloud on Ubuntu VM.

Alan Reeves

Mar 24, 2015, 3:52:24 AM
to nxfil...@googlegroups.com
Yes I can connect with telnet.
Alan

Jinhee

Mar 24, 2015, 3:57:59 AM
to nxfil...@googlegroups.com
That is very weird. NxFilter just tries to connect to your LDAP server using TCP port 389. If you can connect to it, it needs to be able to connect to it.
I guess there's no delay when you test it using telnet. Did you run NxFilter on the command line?

Alan Reeves

Mar 24, 2015, 4:28:14 AM
to nxfil...@googlegroups.com
Telnet takes about 11 seconds to reply 'connected'
NxFilter is running at startup, with the -d option

Jinhee

Mar 24, 2015, 4:33:07 AM
to nxfil...@googlegroups.com
Yeah, that's a connection timeout then. But why do you need to use that kind of connection if it's that slow?
LDAP authentication was supposed to be inside the local network, or even if it's a VPN, 11 seconds for a connection
is too much.

Alan Reeves

Mar 24, 2015, 4:38:27 AM
to nxfil...@googlegroups.com
I'm currently testing with a low-cost VPS, and it may be the bandwidth is not good enough. I can upgrade to a better solution once I have proven it all works. I'm not too worried about LDAP authentication being slow, as this will only happen at logon.
Thanks

Jinhee

Mar 24, 2015, 5:11:21 AM
to nxfil...@googlegroups.com
We have a read time value as well. It's currently 20 seconds. If it takes 11 seconds to connect, you can't be sure how long it will
take to import or sync all of your users.

Jinhee

Mar 24, 2015, 8:57:10 PM
to nxfil...@googlegroups.com
We're going to have ldap_conn_timeout and ldap_read_timeout options for cfg.properties with v2.7.0.
However I don't think it's a good idea still to use it against an LDAP server taking more than 10 seconds
to connect.

Alan Reeves

Mar 25, 2015, 3:45:46 AM
to nxfil...@googlegroups.com
Thanks. I agree it's not a good situation having such a long timeout, but the options will be useful for testing. At the moment I have decided to deploy NxFilter in the local network, as I cannot find the reason for the long timeout. I will investigate the long timeout problem when v2.7.0 is available and when I have more time.

Very grateful for all your help and advice
Alan
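
Added example (not part of the thread and not NxFilter code): a probe that times the TCP connect and the first LDAP reply separately, so the result can be compared with the 5-second connect and 20-second read timeouts quoted above, which a bare `telnet` test does not show. The function names are assumptions made for this example, and the probe sends a single anonymous LDAPv3 bind.

```python
import socket
import time

# Timeouts quoted in the thread: 5 s connect, 20 s read.
CONN_TIMEOUT, READ_TIMEOUT = 5.0, 20.0
# BER-encoded LDAPv3 anonymous simple BindRequest, messageID 1.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def is_bind_response(reply):
    """True if reply starts with an LDAPMessage carrying a BindResponse (tag 0x61)."""
    if len(reply) < 2 or reply[0] != 0x30:
        return False
    # Skip the SEQUENCE length (short or long form), then the messageID INTEGER.
    i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)
    if len(reply) < i + 2 or reply[i] != 0x02:
        return False
    i += 2 + reply[i + 1]
    return len(reply) > i and reply[i] == 0x61


def probe_ldap(host, port=389, conn_timeout=CONN_TIMEOUT, read_timeout=READ_TIMEOUT):
    """Return which phase failed ('connect' or 'read') or 'ok', with timings in seconds."""
    res = {"phase": "connect", "connect_s": None, "read_s": None, "error": None}
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=conn_timeout)
    except OSError as exc:  # socket timeouts are OSError subclasses
        res.update(connect_s=time.monotonic() - start, error=f"{type(exc).__name__}: {exc}")
        return res
    res.update(connect_s=time.monotonic() - start, phase="read")
    with sock:
        sock.settimeout(read_timeout)
        start = time.monotonic()
        try:
            sock.sendall(ANON_BIND)
            reply = sock.recv(4096)
        except OSError as exc:
            res.update(read_s=time.monotonic() - start, error=f"{type(exc).__name__}: {exc}")
            return res
        res["read_s"] = time.monotonic() - start
    if is_bind_response(reply):
        res["phase"] = "ok"
    else:
        res["error"] = "reply is not an LDAP BindResponse"
    return res
```

Calling `probe_ldap(host, conn_timeout=30)` from the VPS, with `host` set to your own directory server, shows the real connect time; a `connect_s` above 5 reproduces the `connect timed out` error in the log.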