Grouper Users - Open Discussion List

["Bee-Lindgren, Bert" <>]

Emilio,

I'm responding to your old message if it is still helpful for you or for someone else...

PSPNG's ldap-connection behavior is managed by Ldaptive connection pooling, and the connection stay open to avoid connection-setup overhead when action is required. This does bring in lots of healthcheck queries that seem excessive, particularly when things are quiet. The number of these connections can be minimized with various ldaptive options.

I don't know why ldaptive is making bogus, basedn-less queries. I would presume that Error32 (no such object) is the appropriate response. If necessary, let's talk about a Jira that requests that PSPNG set up different health-check queries within the Ldaptive pool.

Sincerely,

  Bert Bee-Lindgren

---

From: <> on behalf of Emilio Recio <>
Sent: Sunday, September 3, 2017 2:45 AM
To:
Subject: [grouper-users] pspng protocol

 

So we have pspng provisioning to an LDAP server. However, the ldapserver is just an interface (via TDI née Metamerge). Command line tools against the ldapserver works as expected. However with pspng it seems to create 5-7 connections to the ldap server and keeps them open. Sometimes it connects, gets a server capability or meta request (e.g.: ldapsearch -s base (objectClass=*) with no basedn) and then drops the connection with no more queries.

In short, is there documentation on how pspng provisions, such that I can give it a decent reply? Why does it connect and hold the connections open? Why does it spawn a new thread to just disconnect, etc.

The following link basically shows the interaction from TDI's perspective. All I did was add one person to the grouper group. (Please note the configuration stanza for the provisioning is incorrect, it mentions cn={group.name} it should be cn= whatever the user's display name is. However at this point one thing at a time 😊 )

FYI: AL/LL/LSC.0 (.0, .1, etc are socket connection threads from grouper)

See the following pastebin as a log of the : https://pastebin.com/7bSYkbP6

Any behind-the-scenes documentation on the exact procedure used for provisioning groups / users to groups etc would be helpful.

TIA,

e

The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters.