tracker issue : CF-4198260

select a category, or use search below
(searches all categories and all time range)
Title:

CFLDAP fails under load and requires CF to be restarted for it to work again.

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/Fixed

Reporter/Name(from Bugbase): Darrell Rapier / Darrell Rapier ()

Created: 01/12/2017

Components: Net Protocols, LDAP

Versions: 2016,11.0

Failure Type: Crash

Found In Build/Fixed In Build: ColdFusion 2016 Update 3 / 11,0,16,313649

Priority/Frequency: Normal / Most users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 1

Problem Description: Under a request with thousands of CFLDAP calls the CFLDAP tag fails with this error message" "An error has occurred while trying to execute query :10.242.146.14:3268."  The error detail message is: "One or more of the required attributes may be missing or incorrect or you do not have permissions to execute this operation on the server."  This error message is misleading because the same LDAP query works after a restart or under normal circumstances.  We have nightly processes that loop through thousands of LDAP objects and something is causing CFLDAP to stop working under this load.  It is completely random, but CF does require a service restart to fix it.  We have three CF 2016 servers processing this workload and they all fail at random times.  I noticed on all the stacktraces the first two array items are:
1.)
ClassName coldfusion.tagext.net.LdapTag  
FileName LdapTag.java  
LineNumber 765  
MethodName doStartTag  
NativeMethod NO  
2.)
ClassName coldfusion.runtime.CfJspPage  
FileName CfJspPage.java  
LineNumber 3698  
MethodName _emptyTcfTag  
NativeMethod NO 
3.)
The third is my function that has the CFLDAP query.

Steps to Reproduce: Loop over thousands of AD object using CFLDAP

attributes: SamAccountName,userPrincipalName,distinguishedname,mail,sn 
filter: (&(objectCategory=person)(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(SamAccountName=name))

<cfset ldapArgs = {
				timeout=variables.ldapTimeOut,
				port=variables.LDAPPort,
				action="QUERY",
				name="rs",
				attributes=arguments.attributes,
				start=start,
				scope="SUBTREE",
			       filter=arguments.filter,
			       server="[IP]",
			       username=variables.LDAPcreds.username,
			       password=variables.LDAPcreds.password,
			       rebind="yes",
			       maxrows="1"
			    }>
   <cfldap attributeCollection="#ldapArgs#">

Actual Result:  CF throws an misleading error "One or more of the required attributes may be missing or incorrect or you do not have permissions to execute this operation on the server." and CFLDAP no longer functions.

Expected Result: A normal CFLDAP query result

Any Workarounds:  Restart the "ColdFusion 2016 Application Server" service

Attachments:

Comments: