KBEC-00514 - Changing CloudBees CD/RO Built-in LDAP Read Timeout

2 minute readKnowledge base

Issue

In a CloudBees CD/RO 10.x environment that utilizes LDAP for authentication, users may encounter frequent login problems such as slow login times or unable to log in to the CloudBees CD/RO server. When examining the commander.log file, LDAP-related timeout errors similar to the following may be observed:

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occurred during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used: 5000 ms.; remaining name 'dc=xxxxx,dc=com'
Paged Search failed: javax.naming.NamingException: LDAP response read timed out, timeout used: 5000 ms.; remaining name 'DC=xxxxx,DC=com'
javax.naming.NamingException: LDAP response read timed out, timeout used: 5000 ms.

Environment

Resolution

To address LDAP-related timeout issues in CloudBees CD/RO, the default LDAP read timeout can be increased by modifying the wrapper.conf file normally located at /opt/cbflow/conf/wrapper.conf. Follow the steps outlined below we will be doubling the default timeout value of 5000ms to 10000ms to give the login process a bit more time to complete the transaction:

  1. Open the wrapper.conf file using a text editor and locate the following line in the file:

    # Enabled endpoint identification for LDAPS connections.

  2. Insert the following additional Java arguments immediately after the line mentioned above:

    wrapper.java.additional.326=-Dcom.sun.jndi.ldap.connect.pool=true
wrapper.java.additional.327=-Dcom.sun.jndi.ldap.connect.timeout=10000
wrapper.java.additional.328=-Dcom.sun.jndi.ldap.read.timeout=10000

  3. Save the wrapper.conf file and restart the CloudBees CD/RO server.

These additional arguments will double the default CloudBees CD/RO LDAP read timeout from 5000ms to 10000ms (10 seconds). If you require a different timeout value, you can modify the numerical value accordingly.

After making these modifications, CloudBees CD/RO should utilize the updated LDAP read timeout value, potentially mitigating login issues caused by LDAP timeouts. Please note that modifying system configuration files should be done with caution, and it is advisable to take proper backups before making any changes.