Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] tuning LDAP connections

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] tuning LDAP connections


Chronological Thread 
  • From: Shilen Patel <>
  • To: "Redman, Chad" <>, Baron Fujimoto <>
  • Cc: Grouper Users <>
  • Subject: Re: [grouper-users] tuning LDAP connections
  • Date: Wed, 3 Apr 2019 15:24:07 +0000

Yeah for 2.4, the timeLimit param is supposed to be for search timeouts. And
timeout is the connection timeout.

Thanks!

- Shilen

On 4/3/19, 11:00 AM, "Redman, Chad" <> wrote:

Yes, for 2.2, you can add raw vt-ldap configuration parameters in an
ldap.properties file, and then point to it in sources.xml with a
ldapProperties_file property in sources.xml. If you don't have a
ldap.properties.example file to start from, you can look at
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Internet2_grouper_blob_GROUPER-5F2-5F2-5FBRANCH_subject_conf_ldap.properties.example&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=QSMVrFYH6W_GCML_xUXCF2fVAEhQzKbM8Nm5-NthSco&e=.
The main ones for tuning would be the pooling options and pooling validator
option.

If you want to add a pool validator, in 2.2 the configuration needs to be
in sources.xml, not ldap.properties. Due to its weird design, the validator
properties are in the pool factory config rather than the pool config, so
they can't be set directly via vt-ldap properties. Instead, Grouper handles
them as special parameters and sets of the factory correctly. So it would
look like:

<init-param>
<param-name>VTLDAP_VALIDATOR</param-name>
<param-value>CompareLdapValidator</param-value>
</init-param>
<init-param>
<param-name>VTLDAP_VALIDATOR_COMPARE_DN</param-name>
<param-value>ou=people,dc=example,dc=edu</param-value>
</init-param>
<init-param>

<param-name>VTLDAP_VALIDATOR_COMPARE_SEARCH_FILTER_STRING</param-name>
<param-value>(ou=people)</param-value>
</init-param>


For 2.4, Shilen's wiki link should cover the basic options for ldaptive.
It doesn't currently mention the defaults, which I think are:

minPoolSize: 3
maxPoolSize: 10
validateTimerPeriod: (-> org.ldaptive.pool.validatePeriod=1800 * 1000)
1800000 ms or 30 minutes
validateTimeout: (->org.ldaptive.pool.validateTimeout=5000) 5 seconds? I
don't see our code handling it, so it's possibly not settable
timeout: (->org.ldaptive.connectTimeout=-1) -1
timeLimit: I don't think this does anything? It's specific to a search,
so there's nothing connection-related to set

Other undocumented ldaptive properties can also be set; just replace
"org.ldaptive." with "ldap.youServerId." and I believe the code will revert
it and pass it to ldaptive.

-Chad


-----Original Message-----
From:
[] On Behalf Of Shilen Patel
Sent: Wednesday, April 03, 2019 9:33 AM
To: Baron Fujimoto <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] tuning LDAP connections

Hi,

Is this question for 2.2, 2.4 or both?

For 2.4, you can specify the configs in your grouper-loader.properties.
See the bottom of
https://urldefense.proofpoint.com/v2/url?u=https-3A__spaces.at.internet2.edu_display_Grouper_vt-2Dldap-2Bto-2Bldaptive-2Bmigration-2Bfor-2BLDAP-2Baccess&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=d_eWSyWDH9qD1N_Q60Lzguwg02_exVXoPVpoZ0cbw7U&e=
for examples of timeouts and pool sizes.

For 2.2, I think you have to update the sources.xml file to include an
external properties file via the ldapProperties_File property. There’s an
example here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.internet2.edu_jira_browse_GRP-2D1151&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=vAzu4_5r4_ie23yTyyFpaBgkqlvb55msXI01KIOxJyg&e=
Then your properties file can contain vt-ldap specific properties. See
https://urldefense.proofpoint.com/v2/url?u=https-3A__code.google.com_archive_p_vt-2Dmiddleware_wikis&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=sWqutME58phurE0oO57Icg&m=NN_-VHhGkfqfOAfcZc_hUP1twHiQTmqNTMNcMM1vafI&s=vaa31SxRGD8kAAxuu-ixc0-vWAZQ3LAGo9vGM8j8qTU&e=
for config options. For example edu.vt.middleware.ldap.pool.maxPoolSize,
edu.vt.middleware.ldap.timeout, etc.

Thanks!

- Shilen

On 3/27/19, 11:28 PM, " on behalf of
Baron Fujimoto" < on behalf of
> wrote:

Is there a way to tune LDAP connections (connection times, pools
sizes, etc) for things like subject searches? I didn't see anything obvious
in .properties files or sources.xml.

Currently for grouper 2.2.x, upgrading to 2.4 is planned.
--
Baron Fujimoto <> :: UH Information Technology
Services
minutas cantorum, minutas balorum, minutas carboratum desendus
pantorum







Archive powered by MHonArc 2.6.19.

Top of Page