IdP use of LDAP and connection pooling

Daniel Fisher dfisher at vt.edu
Fri Sep 9 15:12:07 BST 2011


On Fri, Sep 9, 2011 at 4:30 AM, Manuel Haim <haim at hrz.uni-marburg.de> wrote:

> Hi Scott,
>
> just my two cents here...
> A bottleneck, however, appears to be in the LDAP JAAS login module at
> login time (see login.config). By default, the SearchDnResolver (which
> resolves the user's DN according to the specified userFilter) never does
> connection pooling, thus the IdP always performs an LDAP BIND here where
> it could keep the connection open. We replaced the SearchDnResolver by a
> static one for test purposes, and our IdP cluster now handled about
> twice as many logins per second. (The IdP is not "blocked" by the LDAP
> BINDs, but maybe the number of threads or network connections is at a
> limit here?!)
>
> This issue has been reported at:
> http://code.google.com/p/vt-middleware/issues/detail?id=118
>
>
Support for pooling LDAP connections for authentication will definitely be
supported in IDP v3. I can't guarantee it will ever be formally supported in
IDP v2; I'll just have to see how the code shakes out.

--Daniel Fisher