Grouper Users - Open Discussion List

[Shilen Patel <>]

Yeah for 2.4, the timeLimit param is supposed to be for search timeouts.  And 
timeout is the connection timeout.

Thanks!

- Shilen

On 4/3/19, 11:00 AM, "Redman, Chad" <> wrote:

    Yes, for 2.2, you can add raw vt-ldap configuration parameters in an 
ldap.properties file, and then point to it in sources.xml with a 
ldapProperties_file property in sources.xml. If you don't have a 
ldap.properties.example file to start from, you can look at 
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Internet2_grouper_blob_GROUPER-5F2-5F2-5FBRANCH_subject_conf_ldap.properties.example&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=QSMVrFYH6W_GCML_xUXCF2fVAEhQzKbM8Nm5-NthSco&e=.
 The main ones for tuning would be the pooling options and pooling validator 
option.
    
    If you want to add a pool validator, in 2.2 the configuration needs to be 
in sources.xml, not ldap.properties. Due to its weird design, the validator 
properties are in the pool factory config rather than the pool config, so 
they can't be set directly via vt-ldap properties. Instead, Grouper handles 
them as special parameters and sets of the factory correctly. So it would 
look like:
    
        <init-param>
          <param-name>VTLDAP_VALIDATOR</param-name>
          <param-value>CompareLdapValidator</param-value>
        </init-param>
        <init-param>
          <param-name>VTLDAP_VALIDATOR_COMPARE_DN</param-name>
          <param-value>ou=people,dc=example,dc=edu</param-value>
        </init-param>
        <init-param>
          
<param-name>VTLDAP_VALIDATOR_COMPARE_SEARCH_FILTER_STRING</param-name>
          <param-value>(ou=people)</param-value>
        </init-param>
    
    
    For 2.4, Shilen's wiki link should cover the basic options for ldaptive. 
It doesn't currently mention the defaults, which I think are:
    
    minPoolSize: 3
    maxPoolSize: 10
    validateTimerPeriod: (-> org.ldaptive.pool.validatePeriod=1800 * 1000) 
1800000 ms or 30 minutes
    validateTimeout: (->org.ldaptive.pool.validateTimeout=5000) 5 seconds? I 
don't see our code handling it, so it's possibly not settable 
    timeout: (->org.ldaptive.connectTimeout=-1) -1
    timeLimit: I don't think this does anything? It's specific to a search, 
so there's nothing connection-related to set
    
    Other undocumented ldaptive properties can also be set; just replace 
"org.ldaptive." with "ldap.youServerId." and I believe the code will revert 
it and pass it to ldaptive.
    
    -Chad
    
    
    -----Original Message-----
    From:  
[] On Behalf Of Shilen Patel
    Sent: Wednesday, April 03, 2019 9:33 AM
    To: Baron Fujimoto <>
    Cc: Grouper Users <>
    Subject: Re: [grouper-users] tuning LDAP connections
    
    Hi,
    
    Is this question for 2.2, 2.4 or both?  
    
    For 2.4, you can specify the configs in your grouper-loader.properties.  
See the bottom of 
https://urldefense.proofpoint.com/v2/url?u=https-3A__spaces.at.internet2.edu_display_Grouper_vt-2Dldap-2Bto-2Bldaptive-2Bmigration-2Bfor-2BLDAP-2Baccess&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=d_eWSyWDH9qD1N_Q60Lzguwg02_exVXoPVpoZ0cbw7U&e=
 for examples of timeouts and pool sizes.
        
    For 2.2, I think you have to update the sources.xml file to include an 
external properties file via the ldapProperties_File property.  There’s an 
example here:  
https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.internet2.edu_jira_browse_GRP-2D1151&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=vAzu4_5r4_ie23yTyyFpaBgkqlvb55msXI01KIOxJyg&e=
  Then your properties file can contain vt-ldap specific properties.  See 
https://urldefense.proofpoint.com/v2/url?u=https-3A__code.google.com_archive_p_vt-2Dmiddleware_wikis&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=vaa31SxRGD8kAAxuu-ixc0-vWAZQ3LAGo9vGM8j8qTU&e=
 for config options.  For example edu.vt.middleware.ldap.pool.maxPoolSize, 
edu.vt.middleware.ldap.timeout, etc.
    
    Thanks!
    
    - Shilen
    
    On 3/27/19, 11:28 PM, " on behalf of 
Baron Fujimoto" < on behalf of 
> wrote:
    
        Is there a way to tune LDAP connections (connection times, pools 
sizes, etc) for things like subject searches? I didn't see anything obvious 
in .properties files or sources.xml.
        
        Currently for grouper 2.2.x, upgrading to 2.4 is planned.
        -- 
        Baron Fujimoto <> :: UH Information Technology 
Services
        minutas cantorum, minutas balorum, minutas carboratum desendus 
pantorum