add LDAP tunables

fixes #2741
fixes #2742

Author: Vladimir Kotal

plugins/sample-ldap-plugin-config.xml

@@ -4,16 +4,25 @@
                 <void property="interval">
                         <int>900000</int>
                 </void>
+                <void property="searchTimeout">
+                        <int>500</int>
+                </void>
                 <void property="searchBase">
                         <string>dc=foobar,dc=com</string>
                 </void>
+                <void property="connectTimeout">
+                        <int>5000</int>
+                </void>
+                <void property="countLimit">
+                        <int>100</int>
+                </void>
                 <void property="servers">
                         <void method="add">
                                 <object class="opengrok.auth.plugin.ldap.LdapServer">
                                         <void property="name">
                                                 <string>ldap://ldap1.foobar.com</string>
                                         </void>
-                                        <void property="timeout">
+                                        <void property="connectTimeout">
                                                 <int>5000</int>
                                         </void>
                                 </object>
@@ -23,9 +32,6 @@
                                         <void property="name">
                                                 <string>ldap://ldap2.foobar.com</string>
                                         </void>
-                                        <void property="timeout">
-                                                <int>5000</int>
-                                        </void>
                                 </object>
                         </void>
                 </void>

plugins/src/opengrok/auth/plugin/configuration/Configuration.java

@@ -33,17 +33,23 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 import opengrok.auth.plugin.ldap.LdapServer;
 import opengrok.auth.plugin.util.Hooks;
 
-public class Configuration {
+public class Configuration implements Serializable {
+
+    private static final long serialVersionUID = -1;
 
     private List<LdapServer> servers = new ArrayList<>();
     private int interval;
     private String searchBase;
     private Hooks hooks;
+    private int searchTimeout;
+    private int connectTimeout;
+    private int countLimit;
 
     public void setServers(List<LdapServer> servers) {
         this.servers = servers;
@@ -69,6 +75,30 @@ public void setInterval(int interval) {
         this.interval = interval;
     }
 
+    public int getSearchTimeout() {
+        return this.searchTimeout;
+    }
+
+    public void setSearchTimeout(int timeout) {
+        this.searchTimeout = timeout;
+    }
+
+    public int getConnectTimeout() {
+        return this.connectTimeout;
+    }
+
+    public void setConnectTimeout(int timeout) {
+        this.connectTimeout = timeout;
+    }
+
+    public int getCountLimit() {
+        return this.countLimit;
+    }
+
+    public void setCountLimit(int limit) {
+        this.countLimit = limit;
+    }
+
     public String getSearchBase() {
         return searchBase;
     }
@@ -90,7 +120,7 @@ private void encodeObject(OutputStream out) {
     }
 
     /**
-     * Read a configuration from a file in xml format.
+     * Read a configuration from a file in XML format.
      *
      * @param file input file
      * @return the new configuration object
@@ -124,7 +154,7 @@ private static Configuration decodeObject(InputStream in) throws IOException {
         }
 
         if (!(ret instanceof Configuration)) {
-            throw new IOException("Not a valid config file");
+            throw new IOException("Not a valid configuration file");
         }
 
         return (Configuration) ret;

plugins/src/opengrok/auth/plugin/ldap/LdapFacade.java

@@ -58,11 +58,13 @@ public class LdapFacade extends AbstractLdapProvider {
     private static final String LDAP_FILTER = "objectclass=*";
 
     /**
-     * Timeout for retrieving the results.
+     * default timeout for retrieving the results
      */
-    private static final int LDAP_TIMEOUT = 5000; // ms
+    private static final int LDAP_SEARCH_TIMEOUT = 5000; // ms
 
     /**
+     * default limit of result traversal
+     *
      * @see
      * <a href="https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchControls.html#setCountLimit%28long%29">SearchControls</a>
      *
@@ -178,11 +180,11 @@ public Map<String, Set<String>> mapFromAttributes(Attributes attrs) throws Namin
     };
 
     public LdapFacade(Configuration cfg) {
-        setServers(cfg.getServers());
+        setServers(cfg.getServers(), cfg.getConnectTimeout());
         setInterval(cfg.getInterval());
         setSearchBase(cfg.getSearchBase());
         setHooks(cfg.getHooks());
-        prepareSearchControls();
+        prepareSearchControls(cfg.getSearchTimeout(), cfg.getCountLimit());
         prepareServers();
     }
 
@@ -218,8 +220,14 @@ public List<LdapServer> getServers() {
         return servers;
     }
 
-    public LdapFacade setServers(List<LdapServer> servers) {
+    public LdapFacade setServers(List<LdapServer> servers, int timeout) {
         this.servers = servers;
+        // Inherit connect timeout from server pool configuration.
+        for (LdapServer server : servers) {
+            if (server.getConnectTimeout() == 0 && timeout != 0) {
+                server.setConnectTimeout(timeout);
+            }
+        }
         return this;
     }
 
@@ -267,9 +275,16 @@ public Map<String, Set<String>> lookupLdapContent(User user, String filter, Stri
                 new ContentAttributeMapper(values));
     }
 
-    private SearchControls prepareSearchControls() {
+    private SearchControls prepareSearchControls(int ldapTimeout, int ldapCountLimit) {
         controls = new SearchControls();
         controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+        controls.setTimeLimit(ldapTimeout > 0 ? ldapTimeout : LDAP_SEARCH_TIMEOUT);
+        controls.setCountLimit(ldapCountLimit > 0 ? ldapCountLimit : LDAP_COUNT_LIMIT);
+
+        return controls;
+    }
+
+    public SearchControls getSearchControls() {
         return controls;
     }
 

plugins/src/opengrok/auth/plugin/ldap/LdapServer.java

@@ -22,6 +22,7 @@
  */
 package opengrok.auth.plugin.ldap;
 
+import java.io.Serializable;
 import java.util.Hashtable;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -34,21 +35,23 @@
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 
-public class LdapServer {
+public class LdapServer implements Serializable {
+
+    private static final long serialVersionUID = -1;
 
     private static final Logger LOGGER = Logger.getLogger(LdapServer.class.getName());
 
-    private static final String LDAP_TIMEOUT_PARAMETER = "com.sun.jndi.ldap.connect.timeout";
+    private static final String LDAP_TIMEOUT_PARAMETER = "com.sun.jndi.ldap.connect.connectTimeout";
     private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
     /**
-     * Timeout for connecting.
+     * default connectTimeout for connecting
      */
-    private static final int LDAP_TIMEOUT = 5000; // ms
+    private static final int LDAP_CONNECT_TIMEOUT = 5000; // ms
 
     private String url;
     private String username;
     private String password;
-    private int timeout;
+    private int connectTimeout;
     private int interval = 10 * 1000;
 
     private Hashtable<String, String> env;
@@ -95,12 +98,12 @@ public LdapServer setPassword(String password) {
         return this;
     }
 
-    public int getTimeout() {
-        return timeout;
+    public int getConnectTimeout() {
+        return connectTimeout;
     }
 
-    public LdapServer setTimeout(int timeout) {
-        this.timeout = timeout;
+    public LdapServer setConnectTimeout(int connectTimeout) {
+        this.connectTimeout = connectTimeout;
         return this;
     }
 
@@ -140,19 +143,19 @@ private synchronized LdapContext connect() {
         }
 
         if (ctx == null) {
-            try {
-                env.put(Context.PROVIDER_URL, this.url);
-
-                if (this.username != null) {
-                    env.put(Context.SECURITY_PRINCIPAL, this.username);
-                }
-                if (this.password != null) {
-                    env.put(Context.SECURITY_CREDENTIALS, this.password);
-                }
-                if (this.timeout > 0) {
-                    env.put(LDAP_TIMEOUT_PARAMETER, Integer.toString(this.timeout));
-                }
+            env.put(Context.PROVIDER_URL, this.url);
+
+            if (this.username != null) {
+                env.put(Context.SECURITY_PRINCIPAL, this.username);
+            }
+            if (this.password != null) {
+                env.put(Context.SECURITY_CREDENTIALS, this.password);
+            }
+            if (this.connectTimeout > 0) {
+                env.put(LDAP_TIMEOUT_PARAMETER, Integer.toString(this.connectTimeout));
+            }
 
+            try {
                 ctx = new InitialLdapContext(env, null);
                 ctx.reconnect(null);
                 ctx.setRequestControls(null);
@@ -165,6 +168,7 @@ private synchronized LdapContext connect() {
                 return ctx = null;
             }
         }
+
         return ctx;
     }
 
@@ -231,16 +235,18 @@ public synchronized void close() {
             try {
                 ctx.close();
             } catch (NamingException ex) {
+                LOGGER.log(Level.WARNING, "cannot close LDAP server {0}", getUrl());
             }
             ctx = null;
         }
     }
 
     private static Hashtable<String, String> prepareEnv() {
         Hashtable<String, String> e = new Hashtable<String, String>();
+
         e.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CONTEXT_FACTORY);
-        e.put(LDAP_TIMEOUT_PARAMETER, Integer.toString(LDAP_TIMEOUT));
+        e.put(LDAP_TIMEOUT_PARAMETER, Integer.toString(LDAP_CONNECT_TIMEOUT));
+
         return e;
     }
-
 }

plugins/test/opengrok/auth/plugin/LdapFacadeTest.java

@@ -0,0 +1,39 @@
+package opengrok.auth.plugin;
+
+import opengrok.auth.plugin.configuration.Configuration;
+import opengrok.auth.plugin.ldap.LdapFacade;
+import opengrok.auth.plugin.ldap.LdapServer;
+import org.junit.Test;
+
+import javax.naming.directory.SearchControls;
+
+import java.util.Collections;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class LdapFacadeTest {
+    @Test
+    public void testSearchControlsConfig() {
+        Configuration config = new Configuration();
+        int searchTimeout = 1234;
+        config.setSearchTimeout(searchTimeout);
+        int countLimit = 32;
+        config.setCountLimit(countLimit);
+
+        LdapFacade facade = new LdapFacade(config);
+        SearchControls controls = facade.getSearchControls();
+        assertEquals(searchTimeout, controls.getTimeLimit());
+        assertEquals(countLimit, controls.getCountLimit());
+    }
+
+    @Test
+    public void testConnectTimeoutInheritance() {
+        Configuration config = new Configuration();
+        config.setServers(Collections.singletonList(new LdapServer("http://foo.bar")));
+        int timeoutValue = 42;
+        config.setConnectTimeout(timeoutValue);
+        LdapFacade facade = new LdapFacade(config);
+        assertTrue(facade.getServers().stream().anyMatch(s -> s.getConnectTimeout() == timeoutValue));
+    }
+}

plugins/test/opengrok/auth/plugin/config.xml

@@ -13,7 +13,7 @@
 					<void property="name">
 						<string>ldap://ldap.foobar.com</string>
 					</void>
-					<void property="timeout">
+					<void property="connectTimeout">
 						<int>10</int>
 					</void>
 				</object>

plugins/test/opengrok/auth/plugin/configuration/ConfigurationTest.java

@@ -63,6 +63,9 @@ public void exceptionThrown(Exception e) {
 
         Configuration configuration1 = new Configuration();
         configuration1.setInterval(500);
+        configuration1.setSearchTimeout(1000);
+        configuration1.setConnectTimeout(42);
+        configuration1.setCountLimit(10);
         configuration1.setServers(new ArrayList<>(Arrays.asList(new LdapServer("http://server.com"))));
         Hooks hooks = new Hooks();
         Hook hook = new Hook();