Handling empty LDAP connection pools on IdP start-up

Wessel, Keith kwessel at illinois.edu
Fri Mar 10 11:56:53 EST 2017


Got it. Yeah, I don't get runtime errors with an empty pool, but I do get no attributes back even though my other data connectors are still functioning. Too bad there's not a way to configure failfast for a dataconnector to tell it to go ahead and resolve attributes from other data connectors without creating the static data connector.

But your solution's easy enough. Is it valid to have a static data connector with no attributes in it, or is at least one attribute with one value required? The docs for static data connectors state that one or more attributes "may" be in the data connector. Doesn't say must, says may.

Keith


-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Friday, March 10, 2017 10:48 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Handling empty LDAP connection pools on IdP start-up

On 3/10/17, 11:35 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> Adding the validatorRef to my data connector did the trick. Now, if the whole LDAP cluster is down on restart, the pool at
> least continues to try and make connections and the attribute resolver starts working once a connection is successfully added
> to the pool. That's what I wanted.

Right, I'm just saying you'd still see an error at runtime for users, or at least a total lack of attributes, which may or may not be what you want.

> Scott, adding the fallback static connector would allow my other data connectors to continue functioning even if one was
> down and would also prevent run-time errors, correct? What would this static connector look like? That is what attributes, if
> any, would be in it?

Yes, and it doesn't matter what's in it, I just put one in called "dummy" with a value of 0 or something, and I use that to backstop all my secondary connectors.

-- Scott



-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list