Configuration of vt-ldap within DataConnector
Daniel Fisher
dfisher at vt.edu
Mon Sep 12 15:09:51 BST 2011
On Fri, Sep 9, 2011 at 8:34 PM, Yuji Shinozaki <ys2n at virginia.edu> wrote:
>
> > <LDAPProperty name="edu.vt.middleware.ldap.operationRetryExceptions"
> value="javax.naming.CommunicationException,javax.naming.ServiceUnavailableException,javax.naming.TimeLimitExceededException"
> />
> >
>
> Thanks. That makes more sense. That syntax is unclear in the
> documentation.
>
> > Are you sure this is what you want? An operation retry closes and reopens
> the connection, then presumably you'd get the same
> TimeLimitExceededException again. Note that LimitExceededException is
> ignored by the search result handler. So even if it occurs, you'll still get
> any results that were retrieved before the exception.
> >
>
> Ok. This may be a matter of upgrading our shib implementation (it is
> getting quite old) as the error is resulting in an attribute resolution
> error bubbling all the way up. We are getting the time limit exceeded
> exceptions at irregular intervals, but with increasing frequency lately. So
> i was hoping a properly-spaced retry would workaround these brown-outs.
> Our campus ldap admins have reassured us that they are throwing new
> hardware at the general problem, but of course that won't be for the
> proverbial "few weeks".
>
>
Since you have a misbehaving LDAP your approach may help triage the issue.
Assuming these time limit exceptions are load related, you should also play
around with a retry backoff. Stepping down the load might be your best bet.
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110912/ec7acae8/attachment.html
More information about the users
mailing list