A couple things:
> <bean id="contextSource"
> class="org.springframework.ldap.core.support.LdapContextSource">
>
> <property name="pooled" value="true"/>
> <property name="urls">
> <list>
> <!--
> <value>ldap://wanship.acs.utah.edu:9100/</value>
> -->
> <!-- DEV
> <value>ldap://ldap2.acs.utah.edu:9192/</value>
> -->
> <!-- Hellhole
> <value>ldap://hellhole.acs.utah.edu:9600/</value>
> -->
> <!-- Active directory on Ring -->
> <!--<value>ldaps://ring.ad.utah.edu</value>-->
>
> <!-- <value>${cas.ldap.server.1}</value> -->
> <!-- Persistent LDAP for PROD -->
> <!-- <value>ldap://ldap3.acs.utah.edu:9200 SCOUT/</value> -->
> <value>${casldapserver1}</value>
> <!-- Persistent LDAP for DEV WANSHIP
> <value>ldap://ldap2.acs.utah.edu:9182/</value>
> -->
>
> </list>
> </property>
What are you trying to accomplish with all these different LDAP
servers? You should set pooled="false" since you're using this
context source for authentication and you don't want remnants from
previous connections left around for subsequent auth attempts. I
imagine that you want failover for LDAP, but specifying multiple LDAP
URLs is simply not the best way to accomplish this. I can put you in
contact with our (excellent) LDAP sysadmin, and he can give you
pointers. We have an extremely fast and capable LDAP implementation,
so we're a good model to follow if possible. (With AD, may be
limited.)

Another important point of your config that you should reconsider ASAP:
> <bean
> id="dataSource"
> class="org.apache.commons.dbcp.BasicDataSource"
> p:driverClassName="oracle.jdbc.driver.OracleDriver"
>
> p:url="${cas.database.url}"
> p:username="${cas.database.user}"
> p:password="${cas.database.password}"
>
> p:defaultAutoCommit="true"
> p:defaultTransactionIsolation="2"
>
> p:url=""jdbc:oracle:thin:@castle.acs.utah.edu:2083:oems
>
> p:username="usecuredev"
> p:password="usecuredev"
> p:defaultAutoCommit="true"
> p:defaultTransactionIsolation="2"
>
> />
You're not using database connection pooling for your ticket registry,
which is extremely wasteful and may be part of your problem. If you
want to stay with DBCP, switch to
http://commons.apache.org/dbcp/apidocs/org/apache/commons/dbcp/PoolingDataSource.html
as soon as possible. Alternatively, you can move to c3p0, which is
what we use. I have some reasonable starting pool configs for that if
you want them.

Oh, and it looks like you forgot to redact your AD credentials. Time
for a password change if that's the case.
M
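
The two changes suggested in this message, sketched as a Spring configuration. This is an added example, not the poster's or the replier's own config: the `cas.ldap.bind.*` property names and all pool sizes are assumptions chosen for illustration, and the `${...}` placeholders assume a property placeholder configurer is already defined elsewhere in the context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Context source used for authentication: pooling is off, so nothing
       from one bind attempt is left around for the next one.
       cas.ldap.bind.dn / cas.ldap.bind.password are hypothetical property
       names; the values live in a properties file, not in this XML. -->
  <bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource"
        p:pooled="false"
        p:userDn="${cas.ldap.bind.dn}"
        p:password="${cas.ldap.bind.password}">
    <property name="urls">
      <list>
        <value>${casldapserver1}</value>
      </list>
    </property>
  </bean>

  <!-- Ticket registry data source on a c3p0 pool. Each attribute appears
       once, and the URL and credentials come only from placeholders.
       Pool sizes and timeouts (seconds) are illustrative starting values. -->
  <bean id="dataSource"
        class="com.mchange.v2.c3p0.ComboPooledDataSource"
        destroy-method="close"
        p:driverClass="oracle.jdbc.driver.OracleDriver"
        p:jdbcUrl="${cas.database.url}"
        p:user="${cas.database.user}"
        p:password="${cas.database.password}"
        p:initialPoolSize="5"
        p:minPoolSize="5"
        p:maxPoolSize="20"
        p:acquireIncrement="2"
        p:maxIdleTime="300"
        p:idleConnectionTestPeriod="60"
        p:preferredTestQuery="select 1 from dual"/>
</beans>
```

Keeping the properties file out of version control and out of anything pasted to a list avoids the credential exposure noted above.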