For anyone else who finds themselves scratching their head over this...

cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

is the magic setting if you are using OpenJDK 9, 11, 12, 13.

https://bugs.openjdk.java.net/browse/JDK-8217606 and "The JNDI provider is broken in Java version 9 and later. It is recommend that you use the UnboundID provider with newer versions of Java and ldaptive v1.x" at https://www.ldaptive.org/v1/ (not easy to find on the ldaptive site) finally got us there.

Shame this is not highlighted as an issue in the CAS 6.0.x docs... especially as the fix with JDK 14 is not out until next year!

On Thursday, 31 October 2019 14:12:04 UTC, n99 wrote:
>
> Hi
>
> We are seeing issues with CAS 6.0.5 running against our OpenLDAP where we
> are seeing too many connections being made to LDAP.
>
> We have the following settings.
>
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].poolPassivator=NONE
> cas.authn.ldap[0].baseDn=[BASE_DN]
> cas.authn.ldap[0].searchFilter=[FILTER]
> cas.authn.ldap[0].bindDn=[LDAP_BIND_USER]
> cas.authn.ldap[0].bindCredential=[LDAP_BIND_CREDENTIAL]
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].ldapUrl=[CAS_AUTHN_LDAP_LDAPURL]
> cas.monitor.ldap.ldapUrl=[CAS_AUTHN_LDAP_LDAPURL]
> cas.monitor.ldap.useSsl=false
> cas.monitor.ldap.poolPassivator=NONE
>
> Also I guess
>
> minPoolSize=3
> maxPoolSize=10
>
> are on by default.
>
> Using netstat to monitor the ESTABLISHED connections to our LDAP, I can
> see that CAS starts up with 18 connections that are then pruned down to 9.
> These remain after the periodic "validate task" process.
>
> I can then see each login creates a new connection to LDAP, even if I
> login/logout as the same user each time in my browser.
>
> I increased the number of connections, testing this simple way, to 55
> connections before stopping.
>
> I could see that these ESTABLISHED connections dropped away over time and
> eventually, after a few periodic "validate task" scheduled processes, I got
> back down to 9 connections and 3 pools.
>
> I was wondering what behaviour I am seeing here? Why are there 3
> connection pools sitting dormant? Is there anything to limit the number of
> connection pools and thus connections being created? Why do I see no
> apparent LDAP connection re-use?
>
> Am I misunderstanding expected behaviour or have things configured
> incorrectly?
>
> We've not really changed default settings. (Although I did add
> poolPassivator=NONE which changed it from the default value of BIND, I
> believe. Under BIND, I was seeing 4 new connections being created per
> login!)
>
> I can post more info on our OpenLDAP if that would be useful?
>
> Many thanks for any advice.
>
> cheers
