Users can't login to Stash - LDAP response read timed out
症状
Users are unable to login to Stash.
atlassian-stash.log に次のエラーが返される。
2014-08-26 22:26:35,892 ERROR [clusterScheduler_Worker-2] c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 229377 ].
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:847) ~[crowd-ldap-2.7.2.jar:na]
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:80) ~[crowd-ldap-2.7.2.jar:na]
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:993) ~[crowd-core-2.7.2.jar:na]
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75) ~[crowd-core-2.7.2.jar:na]
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) ~[crowd-core-2.7.2.jar:na]
at com.atlassian.stash.internal.crowd.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:71) [stash-service-impl-3.2.0.jar:na]
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:127) [atlassian-scheduler-core-1.2.2.jar:na]
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) [atlassian-scheduler-core-1.2.2.jar:na]
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) [atlassian-scheduler-core-1.2.2.jar:na]
at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) [atlassian-scheduler-quartz1-1.2.2.jar:na]
at org.quartz.core.JobRunShell.run(JobRunShell.java:223) [quartz-1.8.6.jar:na]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) [quartz-1.8.6.jar:na]
... 13 frames trimmed
Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:822) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$3.call(LdapTemplateWithClassLoaderWrapper.java:88) ~[crowd-ldap-2.7.2.jar:na]
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:54) ~[crowd-ldap-2.7.2.jar:na]
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.lookup(LdapTemplateWithClassLoaderWrapper.java:85) ~[crowd-ldap-2.7.2.jar:na]
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:823) ~[crowd-ldap-2.7.2.jar:na]
... 12 common frames omitted
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.
at com.sun.jndi.ldap.Connection.readReply(Connection.java:483) ~[na:1.7.0_67]
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639) ~[na:1.7.0_67]
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562) ~[na:1.7.0_67]
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) ~[na:1.7.0_67]
at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1934) ~[na:1.7.0_67]
at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1028) ~[na:1.7.0_67]
at com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:544) ~[na:1.7.0_67]
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177) ~[na:1.7.0_67]
at javax.naming.InitialContext.lookup(InitialContext.java:415) ~[na:1.7.0_67]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.LdapTemplate$9.executeWithContext(LdapTemplate.java:824) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807) ~[spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
... 18 common frames omitted原因
There can be multiple causes for this error:
- The LDAP directory is too huge and Stash fails to find the user before the timeout.
- There have been cases where the enabled 'Follow Referral' option causes the same behavior.
- Stale connections are not being closed and when used the next time, they immediately fail
- If you're seeing authentication attempts immediately fail as opposed to after the 120000ms timeout, this could be the cause
- An improvement for this is being tracked at CWD-4297 - Getting issue details... STATUS
ソリューション
Increase LDAP Read Timeout
Administration > User Directoriesに移動します。- Edit the LDAP directory
- Increase the value of Read Timeout
Disable Follow Referral
Administration > User Directoriesに移動します。- Edit the LDAP directory
- Disable the Follow Referral option
Set a Timeout to Automatically Close Stale LDAP Connections in the Pool
- Stop Stash
Modify
<Stash Installation>/bin/setenv.shto add the following parameter to theJVM_SUPPORT_RECOMMENDED_ARGS:JVM_SUPPORT_RECOMMENDED_ARGS="-Dcom.sun.jndi.ldap.connect.pool.timeout=300000"- This will timeout idle LDAP connections from the pool after 5 minutes and help clear out any stale connections from being reused
- Start Stash
Last modified on Mar 30, 2016
Powered by Confluence and Scroll Viewport.