LDAP user disabled after response timed out #11199

@sureshanaparti

problem

When the LDAP server response times out, CloudStack immediately disables the user.

javax.naming.NamingException: LDAP response read timed out, timeout used: 1000 ms.

User is disabled from here:

    } catch (NoLdapUserMatchingQueryException e) {
        logger.debug(e.getMessage());
        disableUserInCloudStack(userAccount);

    } catch (NamingException | IOException e) {
        logger.debug("ldap Exception: ", e);
        throw new NoLdapUserMatchingQueryException("No Ldap User found for username: " + username);

versions

ACS 4.20.1

The steps to reproduce the bug

  1. Keep the LDAP server unreachable from the management server (and let the LDAP queries time out)
  2. Log in with the LDAP user

What to do about it?

Either ignore the timeout errors from the LDAP server during user queries, or allow re-attempts based on the configuration 'incorrect.login.attempts.allowed'.
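
The flow reported above next to one that keeps a directory timeout separate from a definitive "no such user" answer, as an added example that is not CloudStack's code or the fix adopted by the project. The `Directory` interface, `lookupReported`, `lookupStrict`, `login` and the `disabled` set are hypothetical stand-ins; only the exception names and message mirror the snippets in the issue.

```java
import javax.naming.NamingException;
import java.util.HashSet;
import java.util.Set;

public class LdapTimeoutDemo {
    // Hypothetical stand-in for the exception named in the issue.
    static class NoLdapUserMatchingQueryException extends Exception {
        NoLdapUserMatchingQueryException(String m) { super(m); }
    }
    // Hypothetical directory client: returns false for "no match", throws on I/O failure.
    interface Directory { boolean exists(String username) throws NamingException; }

    static final Set<String> disabled = new HashSet<>();

    // Reported flow: a NamingException is rethrown as "no user found",
    // so the caller cannot tell an outage from a removed account.
    static void lookupReported(Directory d, String u) throws NoLdapUserMatchingQueryException {
        try {
            if (!d.exists(u)) throw new NoLdapUserMatchingQueryException("No Ldap User found for username: " + u);
        } catch (NamingException e) {
            throw new NoLdapUserMatchingQueryException("No Ldap User found for username: " + u);
        }
    }

    // Alternative: NamingException propagates; only a real "no match" raises the domain exception.
    static void lookupStrict(Directory d, String u) throws NoLdapUserMatchingQueryException, NamingException {
        if (!d.exists(u)) throw new NoLdapUserMatchingQueryException("No Ldap User found for username: " + u);
    }

    static boolean login(Directory d, String u, boolean strict) {
        try {
            if (strict) lookupStrict(d, u); else lookupReported(d, u);
            return true;
        } catch (NoLdapUserMatchingQueryException e) {
            disabled.add(u);   // directory answered: the account no longer matches
            return false;
        } catch (NamingException e) {
            return false;      // directory did not answer: reject this login, leave account state alone
        }
    }

    public static void main(String[] args) {
        // Constructed failure: every query times out, as in the reproduction steps.
        Directory timedOut = u -> { throw new NamingException("LDAP response read timed out"); };
        login(timedOut, "alice", false);
        System.out.println("reported flow disabled alice: " + disabled.contains("alice"));
        disabled.clear();
        login(timedOut, "alice", true);
        System.out.println("strict flow disabled alice:   " + disabled.contains("alice"));
    }
}
```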
