IdP use of LDAP and connection pooling

Yuji Shinozaki ys2n at virginia.edu
Thu Sep 8 21:18:11 BST 2011 

So to be explicit about how these properties are specified in the configs, would the following configure the vt-ldap connector to retry failed connections three times with a wait of 300 ms between retries?

    <resolver:DataConnector
        id="myLDAP"
        xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldap://blah.blah.blah"
        baseDN="o=blah,c=US"
        principal="cn=blah,ou=blabbityblah,o=blahblah,c=US"
        principalCredential="blahblah" >
        <FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </FilterTemplate>
	
	<ReturnAttributes>blah1 blah2 blah3</ReturnAttributes>

	<LDAPProperty name="edu.vt.middleware.ldap.operationRetry" value="3" />
	<LDAPProperty name="edu.vt.middleware.ldap.operationRetryWait" value="300" />

    </resolver:DataConnector>


yuji
----

On Sep 8, 2011, at 3:52 PM, Daniel Fisher wrote:

> On Thu, Sep 8, 2011 at 2:26 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> I'm just wondering these kinds of things:
> 
> - are pools necessary to get reasonable performance on highly loaded IdPs?
> 
> I believe so, yes.
>  
> - do they handle failed connections reasonably without ever surfacing them
> as actual data connector failures?
> 
> If they don't I hope someone files a bug report.
>  
> - are there ways to maintain connections and avoid the timeouts from the
> client end?
> 
> You should be able to configure periodic validation to guarantee your connections are always alive.
>  
> - is pool validation even needed, or does it just retry on failures and
> handle things gracefully?
> 
> Checkin/checkout validation is mainly just for the use cases I couldn't imagine. Connections will retry once by default on any communication error, so periodic validation provides the best benefit on top of that.
>  
> --Daniel Fisher
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

----
Yuji Shinozaki
Technical Director, SHANTI
University of Virginia
http://shanti.virginia.edu
434-924-7171
ys2n at virginia.edu
----
"Computers are useless.  They only give you answers". --Pablo Picasso

More information about the users mailing list