Grouper Users - Open Discussion List

["Redman, Chad" <>]

Yes, for 2.2, you can add raw vt-ldap configuration parameters in an 
ldap.properties file, and then point to it in sources.xml with a 
ldapProperties_file property in sources.xml. If you don't have a 
ldap.properties.example file to start from, you can look at 
https://github.com/Internet2/grouper/blob/GROUPER_2_2_BRANCH/subject/conf/ldap.properties.example.
 The main ones for tuning would be the pooling options and pooling validator 
option.

If you want to add a pool validator, in 2.2 the configuration needs to be in 
sources.xml, not ldap.properties. Due to its weird design, the validator 
properties are in the pool factory config rather than the pool config, so 
they can't be set directly via vt-ldap properties. Instead, Grouper handles 
them as special parameters and sets of the factory correctly. So it would 
look like:

    <init-param>
      <param-name>VTLDAP_VALIDATOR</param-name>
      <param-value>CompareLdapValidator</param-value>
    </init-param>
    <init-param>
      <param-name>VTLDAP_VALIDATOR_COMPARE_DN</param-name>
      <param-value>ou=people,dc=example,dc=edu</param-value>
    </init-param>
    <init-param>
      <param-name>VTLDAP_VALIDATOR_COMPARE_SEARCH_FILTER_STRING</param-name>
      <param-value>(ou=people)</param-value>
    </init-param>


For 2.4, Shilen's wiki link should cover the basic options for ldaptive. It 
doesn't currently mention the defaults, which I think are:

minPoolSize: 3
maxPoolSize: 10
validateTimerPeriod: (-> org.ldaptive.pool.validatePeriod=1800 * 1000) 
1800000 ms or 30 minutes
validateTimeout: (->org.ldaptive.pool.validateTimeout=5000) 5 seconds? I 
don't see our code handling it, so it's possibly not settable 
timeout: (->org.ldaptive.connectTimeout=-1) -1
timeLimit: I don't think this does anything? It's specific to a search, so 
there's nothing connection-related to set

Other undocumented ldaptive properties can also be set; just replace 
"org.ldaptive." with "ldap.youServerId." and I believe the code will revert 
it and pass it to ldaptive.

-Chad


-----Original Message-----
From:  
[] On Behalf Of Shilen Patel
Sent: Wednesday, April 03, 2019 9:33 AM
To: Baron Fujimoto <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] tuning LDAP connections

Hi,

Is this question for 2.2, 2.4 or both?  

For 2.4, you can specify the configs in your grouper-loader.properties.  See 
the bottom of 
https://spaces.at.internet2.edu/display/Grouper/vt-ldap+to+ldaptive+migration+for+LDAP+access
 for examples of timeouts and pool sizes.
        
For 2.2, I think you have to update the sources.xml file to include an 
external properties file via the ldapProperties_File property.  There’s an 
example here:  https://bugs.internet2.edu/jira/browse/GRP-1151  Then your 
properties file can contain vt-ldap specific properties.  See 
https://code.google.com/archive/p/vt-middleware/wikis for config options.  
For example edu.vt.middleware.ldap.pool.maxPoolSize, 
edu.vt.middleware.ldap.timeout, etc.

Thanks!

- Shilen

On 3/27/19, 11:28 PM, " on behalf of Baron 
Fujimoto" < on behalf of > 
wrote:

    Is there a way to tune LDAP connections (connection times, pools sizes, 
etc) for things like subject searches? I didn't see anything obvious in 
.properties files or sources.xml.
    
    Currently for grouper 2.2.x, upgrading to 2.4 is planned.
    -- 
    Baron Fujimoto <> :: UH Information Technology Services
    minutas cantorum, minutas balorum, minutas carboratum desendus pantorum