IdP AuthN LDAP Connection Pooling + Directory with disabled anonymous binds...

Jeremy A Scott jeremy.scott at wisc.edu
Wed Apr 27 12:06:50 EDT 2016


Thank you very much! This works in our testing environment. 

With debugging on, I see that the passivator is being used when establishing the connection pool:

... DEBUG [org.ldaptive.pool.BlockingConnectionPool:222 ... 

passivator=[org.ldaptive.pool.BindPassivator at 899449061::bindRequest=[org.ldaptive.BindRequest at 1075119081::bindDn=....., saslConfig=null, controls=null]]

-Jeremy

> On Apr 26, 2016, at 11:18 PM, Daniel Fisher <dfisher at vt.edu> wrote:
> 
> On Mon, Apr 25, 2016 at 7:48 PM, Jeremy A Scott <jeremy.scott at wisc.edu> wrote:
> I'd like to use the pools as they were originally intended, so what are the options/config for returning the connections to the pool in a known state with BindPassivator?
> 
> Modify the bindConnectionConfig bean to use a connectionInitializer:
> 
> <bean id="bindConnectionConfig" parent="connectionConfig" p:connectionInitializer-ref="bindConnectionInitializer" /> 
> 
> Modify the bindConnectionPool bean to use a passivator:
> 
> <bean id="bindConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
>         p:connectionFactory-ref="bindConnectionFactory" p:name="bind-pool" p:passivator-ref="bindPassivator" />
> 
> Add a bindPassivator bean:
> 
> <bean id="bindPassivator" class="org.ldaptive.pool.BindPassivator">
>   <property name="bindRequest">
>     <bean class="org.ldaptive.BindRequest" p:dn="#{'%{idp.authn.LDAP.bindDN:undefined}'.trim()}">
>         <property name="credential">
>             <bean class="org.ldaptive.Credential">
>                 <constructor-arg value="%{idp.authn.LDAP.bindDNCredential:undefined}" />
>             </bean>
>         </property>
>     </bean>
>   </property>
> </bean>
> 
> --Daniel Fisher
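
The pool-state problem that the connectionInitializer and passivator settings above address, as an added example that is not part of the original thread and is not ldaptive code: a simplified Python model of a bind pool against a directory that refuses anonymous operations. The DNs, passwords, and the class and function names are constructed for illustration.

```python
# Simplified model of a pooled LDAP bind connection (constructed; not ldaptive code).
SERVICE_DN = "cn=idp-svc,ou=services,dc=example,dc=edu"  # hypothetical service account
ALICE_DN = "uid=alice,ou=people,dc=example,dc=edu"       # hypothetical user
DIRECTORY = {SERVICE_DN: "svc-secret", ALICE_DN: "alice-pw"}  # constructed credentials


class Connection:
    """One LDAP session; tracks only the identity it is currently bound as."""

    def __init__(self):
        self.bound_as = None  # None means anonymous authorization state

    def bind(self, dn, password):
        # A bind replaces the session identity; a failed bind leaves the
        # session anonymous (RFC 4513 section 4).
        ok = DIRECTORY.get(dn) == password
        self.bound_as = dn if ok else None
        return ok

    def search(self):
        # Directory with anonymous binds disabled: anonymous sessions are refused.
        if self.bound_as is None:
            raise PermissionError("anonymous search refused")
        return self.bound_as  # identity the search ran under


class Pool:
    def __init__(self, size, passivate):
        self.passivate = passivate
        self.idle = [Connection() for _ in range(size)]
        for conn in self.idle:  # role of the connection initializer
            conn.bind(SERVICE_DN, DIRECTORY[SERVICE_DN])

    def checkout(self):
        return self.idle.pop()

    def checkin(self, conn):
        if self.passivate:  # role of the passivator: rebind before reuse
            conn.bind(SERVICE_DN, DIRECTORY[SERVICE_DN])
        self.idle.append(conn)


def identity_seen_by_next_borrower(passivate, login_password):
    """Run one user login on a pooled connection, then reuse that connection."""
    pool = Pool(size=1, passivate=passivate)
    conn = pool.checkout()
    conn.bind(ALICE_DN, login_password)  # the authentication bind
    pool.checkin(conn)
    try:
        return pool.checkout().search()
    except PermissionError:
        return "refused"
```

Without the rebind on check-in, the next borrower inherits whatever state the last login left: anonymous after a failed bind, or the previous user's identity after a successful one.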