Shib IdP v 4.2.1 + LDAP connections in Tomcat
Mak, Steven
makst at upenn.edu
Mon Nov 7 15:28:52 UTC 2022
Hi all,
I wanted to ask the users list if I was doing something wrong.
We are currently using Shibboleth IDP v4.2.1 upgraded from v3 over the years.
We recently added an LDAP data connector using these non-default pool settings (everything else default):
minPoolSize=3
maxPoolSize=100
blockWaitTime=PT1S
validatePeriodically=true
validateTimerPeriod=PT10S
expirationTime=PT30S
prunePeriod=PT15S
So I've noticed with netstat that the number of ESTABLISHED LDAP connections on startup = 6 connections (not 3). And then every resolver reload yields +6 more connections.
If I reload the resolver as a test, it will add 6 more LDAP connections for every reload and they don't go away. My production IdP stayed at 36 established LDAP connections for 10 days even during low load periods. The connections don't go away until I restart Tomcat.
I read through some older emails in here and Scott stated that UnboundID should not have these types of persistent LDAP connections. I don't think I've purposely disabled UnboundID.
I was curious if maybe this is something I need to fix in Tomcat or maybe at the OS.
Thanks,
Steve Mak
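
The netstat check described in the message above, written as a repeatable comparison. This is an added example, not part of the original post or of Shibboleth: it counts ESTABLISHED LDAP sockets in successive `netstat -tn` captures and reports how many were opened or closed between them. Assumptions: Linux netstat column layout, LDAP on ports 389/636, and constructed sample captures with placeholder addresses.

```python
"""Compare ESTABLISHED LDAP sockets across `netstat -tn` captures (added example)."""

LDAP_PORTS = {389, 636}  # assumption: standard LDAP / LDAPS ports


def ldap_sockets(netstat_text, ports=LDAP_PORTS):
    """Return the set of (local, remote) pairs for ESTABLISHED TCP sockets to LDAP ports."""
    socks = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # Expected columns: Proto Recv-Q Send-Q Local Foreign State
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        local, remote = f[3], f[4]
        port = remote.rsplit(":", 1)[-1]  # also works for IPv6 forms such as :::636
        if port.isdigit() and int(port) in ports:
            socks.add((local, remote))
    return socks


def compare(snapshots):
    """snapshots: list of (label, netstat_text) in time order. Returns one dict per capture."""
    report, prev = [], set()
    for label, text in snapshots:
        cur = ldap_sockets(text)
        report.append({"label": label, "total": len(cur),
                       "opened": len(cur - prev), "closed": len(prev - cur)})
        prev = cur
    return report


def _capture(local_ports):
    """Build a constructed netstat capture; all addresses are documentation placeholders."""
    rows = ["Proto Recv-Q Send-Q Local Address     Foreign Address    State"]
    rows += [f"tcp6 0 0 192.0.2.10:{p} 198.51.100.5:636 ESTABLISHED" for p in local_ports]
    rows.append("tcp6 0 0 192.0.2.10:8443 203.0.113.7:51514 ESTABLISHED")  # not LDAP
    rows.append("tcp6 0 0 192.0.2.10:40999 198.51.100.5:636 TIME_WAIT")    # not established
    return "\n".join(rows)


# Constructed captures mirroring the pattern in the message: 6 sockets at
# startup, then 6 more after a resolver reload with none of the old ones closed.
SAMPLE = [("startup", _capture(range(40000, 40006))),
          ("after reload", _capture(range(40000, 40012)))]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(f"{row['label']:>13}: total={row['total']} "
              f"opened={row['opened']} closed={row['closed']}")
```

A reload that shows `closed=0` while `opened` keeps growing means the earlier sockets were never released, which is the behaviour reported above.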