IdP use of LDAP and connection pooling

Yuji Shinozaki ys2n at
Thu Sep 8 21:18:11 BST 2011

So to be explicit about how these properties are specified in the configs, would the following configure the vt-ldap connector to retry failed connections three times with a wait of 300 ms between retries?

        xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        principalCredential="blahblah" >
	<ReturnAttributes>blah1 blah2 blah3</ReturnAttributes>

	<LDAPProperty name="edu.vt.middleware.ldap.operationRetry" value="3" />
	<LDAPProperty name="edu.vt.middleware.ldap.operationRetryWait" value="300" />



On Sep 8, 2011, at 3:52 PM, Daniel Fisher wrote:

> On Thu, Sep 8, 2011 at 2:26 PM, Cantor, Scott <cantor.2 at> wrote:
> > I'm just wondering these kinds of things:
> > - are pools necessary to get reasonable performance on highly loaded IdPs?
>
> I believe so, yes.
>
> > - do they handle failed connections reasonably without ever surfacing them
> > as actual data connector failures?
>
> If they don't I hope someone files a bug report.
>
> > - are there ways to maintain connections and avoid the timeouts from the
> > client end?
>
> You should be able to configure periodic validation to guarantee your connections are always alive.
>
> > - is pool validation even needed, or does it just retry on failures and
> > handle things gracefully?
>
> Checkin/checkout validation is mainly just for the use cases I couldn't imagine. Connections will retry once by default on any communication error, so periodic validation provides the best benefit on top of that.
>
> --Daniel Fisher

Yuji Shinozaki
Technical Director, SHANTI
University of Virginia
ys2n at
"Computers are useless.  They only give you answers". --Pablo Picasso

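The interaction between retry-on-error and periodic validation discussed in the quoted reply can be seen in a small model. This is an added example, not part of the original thread and not vt-ldap code; the `Conn`, `Pool` and `simulate` names, the 60-second server idle timeout and the request times are all assumptions constructed for illustration.

```python
# Toy model, constructed for illustration (not vt-ldap code): the server
# silently drops any connection that has been idle longer than idle_timeout.
class Conn:
    def __init__(self, now):
        self.last_used = now
    def search(self, now, idle_timeout):
        if now - self.last_used > idle_timeout:
            raise ConnectionError("server closed idle connection")
        self.last_used = now

class Pool:
    def __init__(self, size, idle_timeout, retries, validate_period=None):
        self.idle_timeout, self.retries = idle_timeout, retries
        self.validate_period, self.last_validation = validate_period, 0
        self.conns = [Conn(0) for _ in range(size)]
        self.errors_seen = 0        # communication errors on the request path
        self.failures_surfaced = 0  # errors that reached the caller

    def tick(self, now):
        # Periodic validation: probe every pooled connection, replace dead ones.
        if not self.validate_period or now - self.last_validation < self.validate_period:
            return
        self.last_validation = now
        for i, conn in enumerate(self.conns):
            try:
                conn.search(now, self.idle_timeout)
            except ConnectionError:
                self.conns[i] = Conn(now)

    def search(self, now):
        conn = self.conns.pop(0)
        for _ in range(self.retries + 1):
            try:
                conn.search(now, self.idle_timeout)
                break
            except ConnectionError:
                self.errors_seen += 1
                conn = Conn(now)    # reconnect before any retry
        else:
            self.failures_surfaced += 1
        self.conns.append(conn)

def simulate(retries, validate_period, requests=(10, 11, 200, 201)):
    # Returns (errors_seen, failures_surfaced) for a constructed workload.
    pool = Pool(size=2, idle_timeout=60, retries=retries, validate_period=validate_period)
    for now in range(max(requests) + 1):
        pool.tick(now)
        if now in requests:
            pool.search(now)
    return pool.errors_seen, pool.failures_surfaced
```

In this model a single retry hides stale connections from the caller but still pays for a failed attempt on the request path, while a validation period shorter than the server's idle timeout keeps the errors off the request path entirely.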