This is also happening on Java 8 and 5.2.x I'll have to look into whether
that's valid for 5.2.x.
On 11/6/19 7:16 AM, n99 wrote:
For anyone else who finds themselves scratching their head over this....
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
is the magic setting if you are using open JDK 9, 11, 12, 13.
https://bugs.openjdk.java.net/browse/JDK-8217606
and
"The JNDI provider is broken in Java version 9 and later. It is recommend that you
use the UnboundID provider with newer versions of Java and ldaptive v1.x" at
https://www.ldaptive.org/v1/ (not easy to find on the ldaptive site)
finally got us there.
Shame this is not highlighted as an issue on the CAS 6.0.x docs....esp at the
fix with jdk 14 is not out until next year!
On Thursday, 31 October 2019 14:12:04 UTC, n99 wrote:
Hi
We are seeing issues with CAS 6.0.5 running against our OPEN Ldap where we are
seeing too many connections being made to LDAP.
. We have the following settings.
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].baseDn=[BASE_DN]
cas.authn.ldap[0].searchFilter=[FILTER]
cas.authn.ldap[0].bindDn=[LDAP_BIND_USER]
cas.authn.ldap[0].bindCredential=[LDAP_BIND_CREDENTIAL]
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldapUrl=[CAS_AUTHN_LDAP_LDAPURL]
cas.monitor.ldap.ldapUrl=[CAS_AUTHN_LDAP_LDAPURL]
cas.monitor.ldap.useSsl=false
cas.monitor.ldap.poolPassivator=NONE
Also I guess
minPoolSize=3
maxPoolSize=10
are on by default.
Using netstat to monitor the ESTABLISHED connections to our LDAP, I can see that CAS
starts up with 18 connections that are then pruned down to 9. These remain after the
periodic "validate task" process
I can then see each login creates a new connection to LDAP, even if I
login/logout as the same user each time in my browser.
I increased the number of connections, testing this simple way, to 55
connections before stopping.
I could see that these ESTABLISHED connections dropped away over time and eventually,
after a few periodic "validate task" scheduled processes I got back down to 9
connections and 3 pools.
I was wondering what behaviour I am seeing here? Why are there 3 connection
pools sitting dormant? Is there anything to limit the number of connection
pools and thus connections being created? Why do I see no apparent ldap
connection re-use?
Am I misunderstanding expected behaviour or have things configured incorrectly?
We've not really changed default settings. (Although I did add
poolPassivator=NONE which changed it from the default value of BIND, I believe.
Under BIND, I was seeing 4 new connections being created per login!)
I can post more info on our OPEN LDAP if that would be useful?
Many thanks for any advice.
cheers
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdb832b9-0fd1-4987-9a61-9d61719a8422%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdb832b9-0fd1-4987-9a61-9d61719a8422%40apereo.org?utm_medium=email&utm_source=footer>.
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195
It is only when you are surrounded by a supportive team, that you can achieve
your best. Instead of tearing people down, try building them up!
--
This communication is intended for the use of the recipient to whom it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communications received in error, or subsequent reply,
should be deleted or destroyed.
---
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/911f48cf-2f13-f826-229b-fba396d619ca%40athabascau.ca.
