IdP use of LDAP and connection pooling

Cantor, Scott cantor.2 at
Thu Sep 8 19:26:12 BST 2011

Is there any conventional wisdom or experience with the use of connection
pooling in the IdP data connectors for LDAP, and specifically AD?

We're expanding use of LDAP as a data source, but my expertise lies
heavily on the RDBMS side and how the pooling behaves there. I did some
initial playing around adding a connection pool and am seeing what I kind
of expected, which is constant LDAP connection resets when the pools
validate when connections are idle.

I'm just wondering these kinds of things:

- are pools necessary to get reasonable performance on highly loaded IdPs?
- do they handle failed connections reasonably without ever surfacing them
as actual data connector failures?
- are there ways to maintain connections and avoid the timeouts from the
client end?
- is pool validation even needed, or does it just retry on failures and
handle things gracefully?

I use LDAP as a secondary source right now, with no pooling yet, and it's
basically fine, though I don't know the actual load on the AD servers.
Last thing I want is to add pooling and have it cause failures (which
poorly implemented RDBMS pools do cause).

-- Scott

More information about the users mailing list