Good day,
We are having some problems with CAS 5.2.x leaking connections in our
production environment. We're not sure how or why this is happening. What we
do know is that they are no longer part of the pool, because if they were we'd
run out of connections in the pool. However, there is a limit to the number of
connections an LDAP server can handle, so it requires a CAS restart regularly.
Below is the configuration we're using for both LDAP and the password manager.
We were hoping someone understand why this could be happening, as the CAS
documentation is not very good for these settings, and neither are the javadoc
or Ldaptive docs. I hope someone with more CAS experience, such as a dev,
might be able to help?
cas.authn.ldap[0].type=ANONYMOUS
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER
cas.authn.ldap[1].type=ANONYMOUS
cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.ldap[1].userFilter=uid={user}
cas.authn.ldap[1].principalAttributeId=uid
cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER
cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389
cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.connectTimeout=5000
cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com
cas.authn.pm.ldap.userFilter=uid={user}
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com
cas.authn.pm.ldap.bindCredential=
cas.authn.pm.ldap.trustCertificates=
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.validateOnCheckout=true
cas.authn.pm.ldap.validatePeriodically=true
cas.authn.pm.ldap.validatePeriod=600
cas.authn.pm.ldap.validateTimeout=5000
cas.authn.pm.ldap.failFast=false
cas.authn.pm.ldap.idleTime=500
cas.authn.pm.ldap.prunePeriod=600
cas.authn.pm.ldap.blockWaitTime=5000
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse
cas.authn.pm.ldap.validator.type=SEARCH
cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)
cas.authn.pm.ldap.validator.scope=ONELEVEL
cas.authn.pm.ldap.validator.attributeName=cn
cas.authn.pm.ldap.validator.attributeValues=Some Name
cas.authn.pm.ldap.validator.dn=
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195
It is only when you are surrounded by a supportive team, that you can achieve
your best. Instead of tearing people down, try building them up!
--
This communication is intended for the use of the recipient to whom it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communications received in error, or subsequent reply,
should be deleted or destroyed.
---
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a565299-d009-ea66-8a01-b3b8bdb4146d%40athabascau.ca.