How to enable connection pooling over LDAP SSL?

Developer https://www.devze.com 2023-01-17 23:11 Source: web
Okay, so I'm moving my application over from non-SSL to SSL connections to my LDAP server. When running the application in non-SSL, connection pooling is working fine. However when I switch to SSL connection pools no longer work.

While researching here I realized that I never set the "com.sun.jndi.ldap.connect.pool.protocol" property to "plain ssl", since by default it is set to plain. I thought this was the problem.

When I implemented the change to include "plain ssl", it did not fix the problem and connection pools were still not being used.

Is there some other setting that I am missing?

Relevant code:

    Hashtable LDAPEnvironment = new Hashtable();
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
    LDAPEnvironment.put(Context.SECURITY_PRINCIPAL, SECURITY_PRINCIPAL);
    LDAPEnvironment.put(Context.SECURITY_CREDENTIALS, SECURITY_CREDENTIALS);
    LDAPEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
    LDAPEnvironment.put(Context.PROVIDER_URL, PROVIDER_URL );
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
    LDAPEnvironment.put("java.naming.ldap.version", versionOfLDAP );

    if (ldapProtocol != null && ldapProtocol.equalsIgnoreCase("SSL")){
        LDAPEnvironment.put(Context.SECURITY_PROTOCOL,"ssl");
        LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool.protocol","plain ssl");
    }

    LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool", "true");


I have found the problem. The documentation specifically states that those properties are system properties and not environment properties. I was setting these as environment properties. :-)


If you scroll down a little, at the link you provided (scroll to "How Connections are Pooled"), you'll see the explanation to how the pooling works.

When you request a pooled connection, you will get one only if ALL the specified properties are identical. And that's a long list of properties...

In your case this is:

  • connection controls
  • host name, port number as specified in the "java.naming.provider.url" property, referral, or URL supplied to the initial context
  • java.naming.security.protocol property
  • java.naming.ldap.version property
  • java.naming.security.principal property
  • java.naming.security.credentials property

If you always use the same constants when requesting a connection from the connection pool, I think you should get the same pooled connection. That is, if you set the com.sun.jndi.ldap.connect.pool.* properties properly - but I didn't see that in the code you provided.

If you did set the com.sun.jndi.ldap.connect.pool.* properties to sensible values, try setting com.sun.jndi.ldap.connect.pool.debug to fine. This will help you debug.

Another option is to use a framework, or a provider that supports connection pooling. Note that the pooling provided to you by Java is rather limited. I used Spring-Ldap in the past, and it has very good support.

Hope this helps.

0
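The fix described in the answers above, as an added example that is not code from the original post: the pool protocol and debug settings go in as JVM system properties, while the pooling switch stays in the environment and both requests use an identical environment. The host, bind DN, class name and the `LDAP_BIND_PASSWORD` variable are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapSslPoolExample {
    // Placeholder values (assumptions, not from the original post).
    private static final String URL = "ldap://ldap.example.com:636";
    private static final String BIND_DN = "cn=app,dc=example,dc=com";

    static Hashtable<String, Object> buildEnv(String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.ldap.version", "3");
        // The on/off switch is the one pooling setting that IS an environment property.
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Pool configuration is JVM-wide: system properties, set before the
        // first pooled context is created. Putting these in the Hashtable
        // (as in the question) has no effect on the pool.
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "fine");

        String password = System.getenv("LDAP_BIND_PASSWORD"); // assumed variable name
        if (password == null) {
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }

        // Identical environments on both requests, so the second request
        // can be served by the connection the first one released.
        DirContext first = new InitialDirContext(buildEnv(password));
        first.close(); // returns the connection to the pool
        DirContext second = new InitialDirContext(buildEnv(password));
        second.close();
    }
}
```

The same system properties can be passed on the command line instead, for example `-Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl"`.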
