GlassFish: 30-second delay when connecting to LDAP over SSL



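I am trying to connect to my company's LDAP over SSL using GlassFish. Everything works as expected, except that sometimes the connection takes a very long time.

With SSL debugging enabled, I can see that there is sometimes (but not always) a 30-second delay at the Change Cipher Spec. An example of the delay is shown below.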

[2020-06-18T09:11:51.806+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467911806] [levelValue: 800] [[
http-listener-1(1), WRITE: TLSv1.2 Handshake, length = 40]]
[2020-06-18T09:12:22.030+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467942030] [levelValue: 800] [[
http-listener-1(1), READ: TLSv1.2 Change Cipher Spec, length = 1]]
[2020-06-18T09:12:22.030+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467942030] [levelValue: 800] [[
http-listener-1(1), READ: TLSv1.2 Handshake, length = 40]]

Below is the code used to connect to LDAP:

final Hashtable<String, String> env = new Hashtable<String, String> ();
final String url = "ldaps://" + ldapHostAddress + ":" + ldapPort;
env.put (Context.SECURITY_PROTOCOL, "ssl");
env.put (Context.PROVIDER_URL, url);
env.put (Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put (Context.SECURITY_AUTHENTICATION, "simple");
env.put (Context.SECURITY_PRINCIPAL, principalDN);
env.put (Context.SECURITY_CREDENTIALS, principalPassword);
// Ensure the objectGUID is handled as a binary object, rather than a string.
env.put ("java.naming.ldap.attributes.binary", "objectGUID");
LdapContext connection = new InitialLdapContext (env, null);

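Running this code from the command line does not seem to suffer from the 30-second delay, so I can only assume this is a GlassFish problem. Any suggestions would be greatly appreciated.

It turned out that GlassFish occasionally had trouble resolving the DNS name of the LDAP server. Replacing the DNS name with the IP address eliminated the delay when performing the handshake.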
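
One way to check where such a delay comes from, as an added example that is not part of the original post: the program below times the DNS lookup, the TCP connect and the TLS handshake to the LDAP server separately. The class name, the default host `ldap.example.com`, port 636 and the round count are assumptions, and the JVM's default trust store must already trust the server certificate.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not code from the original post: times each phase of an
// LDAPS connection so a stall can be attributed to DNS, TCP or TLS.
public class LdapsPhaseTimer {
    static long ms(long startNanos) {
        return (System.nanoTime() - startNanos) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // Disable the JVM's positive DNS cache so every round does a real lookup.
        Security.setProperty("networkaddress.cache.ttl", "0");
        // Assumed defaults; pass the real host, port and round count as arguments.
        String host = args.length > 0 ? args[0] : "ldap.example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        int rounds = args.length > 2 ? Integer.parseInt(args[2]) : 5;

        for (int i = 1; i <= rounds; i++) {
            long t = System.nanoTime();
            InetAddress addr = InetAddress.getByName(host);   // forward DNS lookup
            long dnsMs = ms(t);
            try (Socket plain = new Socket()) {
                t = System.nanoTime();
                plain.connect(new InetSocketAddress(addr, port), 10_000);
                long tcpMs = ms(t);
                SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
                // Layer TLS over the connected socket, keeping the host name for SNI.
                try (SSLSocket tls = (SSLSocket) f.createSocket(plain, host, port, true)) {
                    t = System.nanoTime();
                    tls.startHandshake();
                    long tlsMs = ms(t);
                    System.out.printf("round %d: dns=%d ms tcp=%d ms tls=%d ms (%s, %s)%n",
                            i, dnsMs, tcpMs, tlsMs, addr.getHostAddress(),
                            tls.getSession().getCipherSuite());
                }
            }
        }
    }
}
```

Run it with the same JVM and resolver configuration the GlassFish domain uses. A large `dns` value on some rounds points at name resolution, a large `tls` value at the handshake itself.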
