Skip to content

branch-4.0:[fix](ldap) Improve LDAP authentication resiliency and diagnostics (#61673)#63285

Open
seawinde wants to merge 1 commit into
apache:branch-4.0from
seawinde:pr_61673_to_branch-4.0
Open

branch-4.0:[fix](ldap) Improve LDAP authentication resiliency and diagnostics (#61673)#63285
seawinde wants to merge 1 commit into
apache:branch-4.0from
seawinde:pr_61673_to_branch-4.0

Conversation

@seawinde
Copy link
Copy Markdown
Member

@seawinde seawinde commented May 15, 2026

pr: #61673
commitId: af6f58c

@seawinde
[fix](ldap) Improve LDAP authentication resiliency and diagnostics (a…
af6f58c 
…pache#61673)

This PR addresses several issues in the FE LDAP authentication path that
could lead to login hangs, indefinite blocking, unstable search latency,
and poor observability when the LDAP server is slow or unavailable.

  The main changes are:

- Add configurable LDAP timeouts, `ldap_connect_timeout_ms` and
`ldap_read_timeout_ms` (both default to 5000 ms), so LDAP bind and
search operations do not block indefinitely.
- Fix LDAP search connection management by removing the conflicting JNDI
built-in pooling configuration and adding `ldap_search_use_pool` to
support both pooled and non-pooled search mode.
- Improve diagnosability by adding structured performance logs across
the LDAP authentication chain, including password resolution, bind, user
lookup, group lookup, cache hit/miss, and authentication result.

Together, these changes improve FE LDAP authentication stability, make
timeout behavior explicit and configurable, reduce the risk of login
stalls, and provide better diagnostics for production issues.
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented May 15, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@seawinde
Copy link
Copy Markdown
Member Author

seawinde commented May 15, 2026

run buildall

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiguolei yiguolei Awaiting requested review from yiguolei yiguolei is a code owner

@morningman morningman Awaiting requested review from morningman morningman is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@seawinde @hello-stephen