
grouper-dev - Re: [grouper-dev] sources.xml Connection Pool Ldap? (with patch)

Subject: Grouper Developers Forum


Re: [grouper-dev] sources.xml Connection Pool Ldap? (with patch)


  • From: Colin Hudler <>
  • To: Jim Fox <>
  • Cc: Tom Zeller <>, "" <>
  • Subject: Re: [grouper-dev] sources.xml Connection Pool Ldap? (with patch)
  • Date: Thu, 18 Jun 2009 13:58:51 -0500

I think I forgot to include the patch. It is now attached.

On 06/18/2009 01:52 PM, Colin Hudler wrote:
Thanks again, Jim. I installed it according to the README and it worked
well. However, it continued to connect and bind on each search, and
never closed the context. The ldap server quickly ran out of sockets. I
started to debug it, but I couldn't find the 2.8.2 vt-ldap api docs. So,
I downloaded 3.0 and converted it. Works great now. I also have it using
a properties file, so much less is configured in sources.xml. I have
attached the patch between my new one and the only changed file
(LdapSourceAdapter.java).

Sorry, you will see that I might have made a few unnecessary changes,
also keep in mind that I am not really a Java programmer.

On 06/18/2009 11:49 AM, Jim Fox wrote:


Here is the uwsubject library.

http://staff.washington.edu/fox/grouper/dist/


Jim


On Thu, 18 Jun 2009, Colin Hudler wrote:

Date: Thu, 18 Jun 2009 09:41:25 -0700
From: Colin Hudler
<>
To: Jim Fox
<>
Cc: Tom Zeller
<>,
""

<>
Subject: Re: [grouper-dev] sources.xml Connection Pool Ldap?

Please do, Jim. Thank you.

On 06/18/2009 11:13 AM, Jim Fox wrote:


We implemented a source adapter at UW that uses the vt ldap library and
supports connection pooling. I can send you a copy if you'd like to try
it out.

Jim


On Thu, 18 Jun 2009, Tom Zeller wrote:

Date: Thu, 18 Jun 2009 07:05:44 -0700
From: Tom Zeller
<>
To: Colin Hudler
<>
Cc:
""

<>
Subject: Re: [grouper-dev] sources.xml Connection Pool Ldap?

Well, no, the JNDISourceAdapter isn't conducive to pooling.

We indeed are creating and closing the ldap context before and after
each search, so adding the connection pooling environment property
won't help
much.
We might want
to provide an LdapSourceAdapter which uses vt-ldap so we can have
connection pooling etc. even with TLS.


I'm not sure what priority this is.

TomZ

On Thu, Jun 18, 2009 at 8:50 AM, Colin Hudler
<>
wrote:
Hi,

I observed one of our test instances of grouper starting a new ldap
session each time a person subject was to be resolved (the other
test instances use mysql or mssql for the subject source). Is there a
way to request connection pooling? I could not find this
answer in the archives or wiki, but there is an "issue" in jira at
<https://bugs.internet2.edu/jira/browse/MCO-9>. I am unable to
extract the answer from that, however.

the sources.xml is using
edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter and
<param-name>INITIAL_CONTEXT_FACTORY</param-name>
<param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>









--- LdapSourceAdapter.java 2009-04-17 16:35:56.000000000 -0500
+++ /home/chudler/LdapSourceAdapter.java 2009-06-18 13:47:15.000000000
-0500
@@ -46,7 +46,9 @@ import javax.naming.directory.Attributes

import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.LdapConfig;
-import edu.vt.middleware.ldap.LdapPool;
+import edu.vt.middleware.ldap.pool.SoftLimitLdapPool;
+import edu.vt.middleware.ldap.pool.DefaultLdapFactory;
+import edu.vt.middleware.ldap.pool.LdapPoolConfig;
import edu.vt.middleware.ldap.LdapUtil;

/**
@@ -62,48 +64,14 @@ public class LdapSourceAdapter extends B
private String descriptionAttributeName = null;
private String subjectTypeString = null;
private String localDomain = null;
-
- /** Search scope values. */
- public static enum SEARCH_SCOPE {
- OBJECT,
- ONELEVEL,
- SUBTREE
- };
-
-
- /** Authentication type values. */
- public static enum AUTHENTICATION_TYPE {
- ANONYMOUS,
- SIMPLE,
- STRONG,
- EXTERNAL,
- DIGEST_MD5,
- CRAM_MD5,
- GSSAPI
- };
+ private String propertiesFile = null;

/* ldap config */

private String ldapUrl;
private String ldapBaseDn;
- private boolean useStartTls;
- private String ldapPrincipal;
- private String ldapCredential;
- private SEARCH_SCOPE ldapScope;
- private AUTHENTICATION_TYPE ldapAuthType;
- private SSLSocketFactory ldapSocketFactory;
-
- /** Ldap configuration. */
- private LdapConfig ldapConfig;
-
- /** LdapPool object. */
- private LdapPool ldapPool;
-
- /** Maximum number of idle objects in the ldap pool. */
- private int poolMaxIdle;

- /** Initial capacity of the the ldap pool. */
- private int poolInitIdleCapacity;
+ private SoftLimitLdapPool ldapPool;

/** Whether this has been initialized. */
private boolean initialized = false;
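Review bot: The `localDomain` field is kept in this hunk, but the `init()` hunk further down deletes `localDomain = getStringProperty(props,"LocalDomain");`, its only assignment visible in the patch, so the field would stay null for any code that still reads it. Either restore that line in `init()` or remove the field together with its readers. The new `propertiesFile` field also has no comment; something like `/** Path of the vt-ldap properties file, read from the ldapProperties_file source parameter. */` would tell operators that connection and pool settings have moved out of sources.xml. The class body continues outside the hunk, so remaining uses of `localDomain` cannot be checked from here.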
@@ -229,45 +197,18 @@ public class LdapSourceAdapter extends B
*
{@inheritDoc}
*/
public void init() {
- // log.debug("ldap source init");
+ log.debug("ldap source init");
Properties props = getInitParams();

ldapUrl = getStringProperty(props,"Url");
log.debug("ldap init, url prop = " + ldapUrl);
ldapBaseDn = getStringProperty(props,"BaseDn");
- useStartTls = getBooleanProperty(props,"UseStartTls");
- ldapPrincipal = getStringProperty(props,"Principal");
- ldapCredential = getStringProperty(props,"Credential");
- localDomain = getStringProperty(props,"LocalDomain");
-
- String scope = getStringProperty(props,"Scope");
- if (scope.compareToIgnoreCase("object")==0) ldapScope =
SEARCH_SCOPE.OBJECT;
- else if (scope.compareToIgnoreCase("onelevel")==0) ldapScope =
SEARCH_SCOPE.ONELEVEL;
- else if (scope.compareToIgnoreCase("subtree")==0) ldapScope =
SEARCH_SCOPE.SUBTREE;
- else log.error("ldap subject invalid scope: " + scope);
-
- String type = getStringProperty(props,"Authentication");
- if (type.compareToIgnoreCase("anonymous")==0) ldapAuthType =
AUTHENTICATION_TYPE.ANONYMOUS;
- else if (type.compareToIgnoreCase("simple")==0) ldapAuthType =
AUTHENTICATION_TYPE.SIMPLE;
- else if (type.compareToIgnoreCase("strong")==0) ldapAuthType =
AUTHENTICATION_TYPE.STRONG;
- else if (type.compareToIgnoreCase("external")==0) ldapAuthType =
AUTHENTICATION_TYPE.EXTERNAL;
- else if (type.compareToIgnoreCase("digest_md5")==0) ldapAuthType =
AUTHENTICATION_TYPE.DIGEST_MD5;
- else if (type.compareToIgnoreCase("cram_md5")==0) ldapAuthType =
AUTHENTICATION_TYPE.CRAM_MD5;
- else if (type.compareToIgnoreCase("gssapi")==0) ldapAuthType =
AUTHENTICATION_TYPE.GSSAPI;
- else log.error("ldap authentication type: " + type);
-
- String ca = getStringProperty(props,"CA_file");
- String cert = getStringProperty(props,"Cert_file");
- String key = getStringProperty(props,"Key_file");
- ldapSocketFactory = null;
- if (ca!=null && cert!=null && key!=null) {
- LdapPEMSocketFactory sf = new LdapPEMSocketFactory(ca, cert, key);
- ldapSocketFactory = sf.getSocketFactory();
- }
+

nameAttributeName = getStringProperty(props,"Name_AttributeType");
subjectIDAttributeName =
getStringProperty(props,"SubjectID_AttributeType");
descriptionAttributeName =
getStringProperty(props,"Description_AttributeType");
+ propertiesFile = getStringProperty(props,"ldapProperties_file");

initializeLdap();

@@ -277,39 +218,12 @@ public class LdapSourceAdapter extends B

log.debug("ldap initializeLdap 1");

- ldapConfig = new LdapConfig(ldapUrl, ldapBaseDn);
- ldapConfig.useTls(useStartTls);
- if (ldapPrincipal!=null) ldapConfig.setServiceUser(ldapPrincipal);
- if (ldapCredential!=null)
ldapConfig.setServiceCredential(ldapCredential);
-
- if (ldapAuthType==AUTHENTICATION_TYPE.ANONYMOUS) {
- ldapConfig.useAnonymousAuth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.SIMPLE) {
- ldapConfig.useSimpleAuth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.STRONG) {
- ldapConfig.useStrongAuth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.EXTERNAL) {
- ldapConfig.useExternalAuth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.DIGEST_MD5) {
- ldapConfig.useDigestMD5Auth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.CRAM_MD5) {
- ldapConfig.useCramMD5Auth();
- } else if (ldapAuthType==AUTHENTICATION_TYPE.GSSAPI) {
- ldapConfig.useGSSAPIAuth();
- }
-
- if (ldapScope == SEARCH_SCOPE.OBJECT) {
- ldapConfig.useObjectSearchScope();
- } else if (ldapScope == SEARCH_SCOPE.SUBTREE) {
- ldapConfig.useSubTreeSearchScope();
- } else if (ldapScope == SEARCH_SCOPE.ONELEVEL) {
- ldapConfig.useOneLevelSearchScope();
- }
+ DefaultLdapFactory factory = new DefaultLdapFactory( new
LdapConfig(ldapUrl, ldapBaseDn));
+ LdapPoolConfig poolConfig = new LdapPoolConfig();

- if (ldapSocketFactory!=null)
ldapConfig.setSslSocketFactory(ldapSocketFactory);
-
try {
- ldapPool = new LdapPool (ldapConfig, 5, 2);
+ ldapPool = new
SoftLimitLdapPool(poolConfig.createFromProperties(propertiesFile), factory);
+ ldapPool.initialize();
initialized = true;
} catch (Exception e) {
log.debug("ldappool error = " + e);
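Review bot: The `LdapConfig` handed to `DefaultLdapFactory` is built from `ldapUrl` and `ldapBaseDn` only, so nothing visible in the patch re-applies the StartTLS flag, service principal and credential, authentication type, search scope or SSL socket factory that the removed lines configured; `propertiesFile` is passed only to the pool configuration. Unless vt-ldap picks those settings up from the same properties file by a path not shown here, pooled connections would bind anonymously over an unencrypted channel, so the `LdapConfig` should be populated from the properties as well, and initialization should fail when TLS or credentials are expected but absent. `propertiesFile` is also used without a null check, and the surrounding `catch (Exception e)` reports failure with `log.debug("ldappool error = " + e)`, which hides a broken pool at normal log levels; `log.error("ldap pool initialization failed", e);` would surface it. The method starts, and the catch body ends, outside the hunk.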
@@ -326,17 +240,6 @@ public class LdapSourceAdapter extends B
return (value);
}

- protected boolean getBooleanProperty(Properties props, String prop) {
- String value = getStringProperty(props, prop);
- if (value!=null) {
- if (value.compareToIgnoreCase("true")==0) return true;
- if (value.compareToIgnoreCase("yes")==0) return true;
- }
- return (false);
- }
-
-
-

/**
* Loads attributes for the argument subject.
@@ -413,7 +316,7 @@ public class LdapSourceAdapter extends B
log.debug("searchType: " + search.getSearchType() + " filter: " +
filter);

try {
- ldap = (Ldap) ldapPool.borrowObject();
+ ldap = (Ldap) ldapPool.checkOut();
results = ldap.search(filter, attributeNames );
} catch (NamingException ex) {
log.error("Ldap NamingException: " + ex.getMessage(), ex);
@@ -423,7 +326,7 @@ public class LdapSourceAdapter extends B
} finally {
if (ldap != null) {
try {
- ldapPool.returnObject(ldap);
+ ldapPool.checkIn(ldap);
} catch (Exception e) {
log.error("Could not return Ldap object back to pool",
e);
}


