You might want to experiment with turning the passivator off, or changing its setting. Not sure that's it, but it might help?
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#why-passivators -- DAVID A. CURRY, CISSP *DIRECTOR • INFORMATION SECURITY & PRIVACY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • david.cu...@newschool.edu On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams <tre...@athabascau.ca> wrote: > Good day, > > We are having some problems with CAS 5.2.x leaking connections in our > production environment. We're not sure how or why this is happening. What > we do know is that they are no longer part of the pool, because if they > were we'd run out of connections in the pool. However, there is a limit to > the number of connections an LDAP server can handle, so it requires a CAS > restart regularly. > > Below is the configuration we're using for both LDAP and the password > manager. We were hoping someone understand why this could be happening, as > the CAS documentation is not very good for these settings, and neither are > the javadoc or Ldaptive docs. I hope someone with more CAS experience, > such as a dev, might be able to help? > > > cas.authn.ldap[0].type=ANONYMOUS > > cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389 > > cas.authn.ldap[0].useSsl=false > > cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com > > cas.authn.ldap[0].userFilter=uid={user} > > cas.authn.ldap[0].principalAttributeId=uid > > cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER > > cas.authn.ldap[1].type=ANONYMOUS > > cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389 > > cas.authn.ldap[1].useSsl=false > > cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com > > cas.authn.ldap[1].userFilter=uid={user} > > cas.authn.ldap[1].principalAttributeId=uid > > cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER > > > cas.authn.pm.ldap.type=GENERIC > > cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389 > > cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE > > cas.authn.pm.ldap.useSsl=false > > cas.authn.pm.ldap.useStartTls=false > > cas.authn.pm.ldap.connectTimeout=5000 > > cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com > > cas.authn.pm.ldap.userFilter=uid={user} > > cas.authn.pm.ldap.subtreeSearch=true > > cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com > > cas.authn.pm.ldap.bindCredential= > > cas.authn.pm.ldap.trustCertificates= > > cas.authn.pm.ldap.poolPassivator=BIND > > cas.authn.pm.ldap.minPoolSize=3 > > cas.authn.pm.ldap.maxPoolSize=10 > > cas.authn.pm.ldap.validateOnCheckout=true > > cas.authn.pm.ldap.validatePeriodically=true > > cas.authn.pm.ldap.validatePeriod=600 > > cas.authn.pm.ldap.validateTimeout=5000 > > cas.authn.pm.ldap.failFast=false > > cas.authn.pm.ldap.idleTime=500 > > cas.authn.pm.ldap.prunePeriod=600 > > cas.authn.pm.ldap.blockWaitTime=5000 > > cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > > cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse > > cas.authn.pm.ldap.validator.type=SEARCH > > cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com > > cas.authn.pm.ldap.validator.searchFilter=(uid=some-user) > > cas.authn.pm.ldap.validator.scope=ONELEVEL > > cas.authn.pm.ldap.validator.attributeName=cn > > cas.authn.pm.ldap.validator.attributeValues=Some Name > > cas.authn.pm.ldap.validator.dn= > > -- > Trenton D. Adams > Senior Systems Analyst/Web Software Developer > Applications Unit - ITS > Athabasca University > (780) 675-6195 > > It is only when you are surrounded by a supportive team, that you can achieve > your best. Instead of tearing people down, try building them up! > > -- > > This communication is intended for the use of the recipient to whom it is > addressed, and may contain confidential, personal, and or privileged > information. Please contact us immediately if you are not the intended > recipient of this communication, and do not copy, distribute, or take > action relying on it. Any communications received in error, or subsequent > reply, should be deleted or destroyed. > > --- > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a565299-d009-ea66-8a01-b3b8bdb4146d%40athabascau.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a565299-d009-ea66-8a01-b3b8bdb4146d%40athabascau.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPq7iK7YZkq2L6k54es%2BUdWGr506fZXc%3DNK%2BRY4ubY8xw%40mail.gmail.com.
