LDAP > timeout
Moderator: crythias
LDAP > timeout
Hi,
i already tried it in the german part of this forum, but received no answer (and at the moment i'm not even able to find the thread).
We have mutliple backends connected to our OTRS and if one of them is not reachable (e.g. VPN down) the whole system is not working properly anymore.
The "timeout" parameter in config.pm seems to be NOT WORKING ... does anyone have ANY information about that? How did you realize that?
Thanx, Andy
i already tried it in the german part of this forum, but received no answer (and at the moment i'm not even able to find the thread).
We have mutliple backends connected to our OTRS and if one of them is not reachable (e.g. VPN down) the whole system is not working properly anymore.
The "timeout" parameter in config.pm seems to be NOT WORKING ... does anyone have ANY information about that? How did you realize that?
Thanx, Andy
LIVE: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
-
- Administrator
- Posts: 3963
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: LDAP > timeout
Please provide you relevant part of the Config.pm
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: LDAP > timeout
Hi, our config.pm is built like this:
We got 11 different customer ids ... which results in 11 ldap-connections. Everything is working perfect, except if one of those ldap-connections is not available ... for that we would like to add a timeout.
Already tried it different ways - the last try was something like:
CPAN is saying that there is a parameter called "timeout" (https://metacpan.org/pod/Net::LDAP) which I was not able to set up properly:
Code: Select all
# Customer 1 #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '[IP address]';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = '[BaseDN]';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '[SearchUserDN]';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '[SearchUserPW]';
$Self->{CustomerUser} = {
Name => 'Customer 1',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '[IP address]',
BaseDN => '[BaseDN]',
SSCOPE => 'sub',
UserDN =>'[UserDN]',
UserPw => '[UserPW]',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
AlwaysFilter => '(&(mail=*)(extensionAttribute10=customer1))',
},
# customer unique id
CustomerKey => 'mail',
# customer #
CustomerID => 'extensionAttribute10',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['cn', 'mail'],
CustomerUserSearchPrefix => '*',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'mail', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserDomain', 'DomainUser', 'userPrincipalName', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'extensionAttribute10', 0, 1, 'var' ],
[ 'UserGroupID', 'UserGroupID', 'primaryGroupID', 0, 1, 'var' ],
],
};
########################################################
# Customer 2 #
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '[IP address]';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = '[BaseDN]';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = '[SearchUserDN]';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '[SearchUserPW]';
$Self->{CustomerUser1} = {
Name => 'Customer 2',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '[IP address]',
BaseDN => '[BaseDN]',
SSCOPE => 'sub',
UserDN =>'[UserDN]',
UserPw => '[UserPW]',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
AlwaysFilter => '(&(mail=*)(extensionAttribute10=customer2))',
},
# customer unique id
CustomerKey => 'mail',
# customer #
CustomerID => 'extensionAttribute10',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['cn', 'mail'],
CustomerUserSearchPrefix => '*',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'mail', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserDomain', 'DomainUser', 'userPrincipalName', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'extensionAttribute10', 0, 1, 'var' ],
[ 'UserGroupID', 'UserGroupID', 'primaryGroupID', 0, 1, 'var' ],
],
};
########################################################
[...]
Already tried it different ways - the last try was something like:
Code: Select all
$Self->{'Customer::AuthModule::LDAP::Params'} = {
timelimit => 10,
};
CPAN is saying that there is a parameter called "timeout" (https://metacpan.org/pod/Net::LDAP) which I was not able to set up properly:
So I did some research and found out, that the parameter "timeout" is ignored in some cases ... or maybe i did just wrongCPAN wrote:timeout => N
Timeout passed to IO::Socket when connecting the remote server. (Default: 120)
LIVE: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
-
- Administrator
- Posts: 3963
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: LDAP > timeout
Using in each of your blocks is the solution.
Code: Select all
timeout => 5
Code: Select all
Params => {..}
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: LDAP > timeout
Thx for your reply, but I added
in each of my
Blocks, but still - if one ldap-connection does not response, it takes about 120 seconds until "index.pl?Action=AdminCustomerUser" is "loaded".
I used the test system to delete every customer except one from the config.pm. I changed the IP address to a non existing host and tried the timeout paramter 5 and '5' - without sucess - still 120 seconds "loading time".
/edit: For our agents, the config looks like this:
There is a parameter for timeout too, and its set to 60 ... maybe this setting overwrites the other timeout parameters?!
Code: Select all
timeout = 5
Code: Select all
Params => { ... }
I used the test system to delete every customer except one from the config.pm. I changed the IP address to a non existing host and tried the timeout paramter 5 and '5' - without sucess - still 120 seconds "loading time".
/edit: For our agents, the config looks like this:
Code: Select all
########################################################
# ---------------------------------------------------- #
# #
# Agenten #
# #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '[IP address]';
$Self->{'AuthModule::LDAP::BaseDN'} = '';
$Self->{'AuthModule::LDAP::UID'} = 'mail';
$Self->{'AuthModule::LDAP::SearchUserDN'} = '[SearchUserDN]';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '[SearchUserPW]';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(extensionAttribute10=OTRS-Agent)';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 60,
async => 0,
version => 3,
};
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '[IP address]';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = '[BaseDN]';
$Self->{'AuthSyncModule::LDAP::UID'} = 'mail';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '[SearchUserDN]'';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '[SearchUserPW]';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenname',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# #
# #
# ---------------------------------------------------- #
########################################################
LIVE: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
-
- Administrator
- Posts: 3963
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: LDAP > timeout
Try instead of
Code: Select all
timeout => 5
Code: Select all
timeout = 5
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: LDAP > timeout
Sorry ... I already tried it with
did not try with
just a typo here ...
Code: Select all
timeout => 5
Code: Select all
timeout = 5
LIVE: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
Re: LDAP > timeout
Push?!
Meanwhile I found: Framework -> Frontend::Customer::Auth
When I got you right, I could try to put the "timeout" param here: Customer::AuthModule::LDAP::Params ?
~~~
Is there nobody who has problems with the LDAP timeout?
Meanwhile I found: Framework -> Frontend::Customer::Auth
When I got you right, I could try to put the "timeout" param here: Customer::AuthModule::LDAP::Params ?
~~~
Is there nobody who has problems with the LDAP timeout?
LIVE: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP
TEST: OTRS 5.0.14 || Debian || MySQL/LDAP