We are only using one LDAP; the rest are commented out (sloppy coding on my part when moving between dev / prototype servers). The credentials are for a test LDAP, but yeah, we'll change the password.
The database stuff was set for the service manager. I didn't realize it would also be used for the ticket registry... I will revisit this ASAP.

Thanks for the help, I am going to redeploy setting pooled=false.

Cheers,
Bryan

________________________________________
From: Marvin Addison [[email protected]]
Sent: Saturday, April 16, 2011 12:11 PM
To: [email protected]
Subject: Re: [cas-user] Help!

A couple things:

> <bean id="contextSource"
>   class="org.springframework.ldap.core.support.LdapContextSource">
>
>   <property name="pooled" value="true"/>
>   <property name="urls">
>     <list>
>       <!--
>       <value>ldap://wanship.acs.utah.edu:9100/</value>
>       -->
>       <!-- DEV
>       <value>ldap://ldap2.acs.utah.edu:9192/</value>
>       -->
>       <!-- Hellhole
>       <value>ldap://hellhole.acs.utah.edu:9600/</value>
>       -->
>       <!-- Active directory on Ring -->
>       <!--<value>ldaps://ring.ad.utah.edu</value>-->
>
>       <!-- <value>${cas.ldap.server.1}</value> -->
>       <!-- Persistent LDAP for PROD -->
>       <!-- <value>ldap://ldap3.acs.utah.edu:9200 SCOUT/</value> -->
>       <value>${casldapserver1}</value>
>       <!-- Persistent LDAP for DEV WANSHIP
>       <value>ldap://ldap2.acs.utah.edu:9182/</value>
>       -->
>
>     </list>
>   </property>

What are you trying to accomplish with all these different LDAP servers? You should set pooled="false" since you're using this context source for authentication and you don't want remnants from previous connections left around for subsequent auth attempts.

I imagine that you want failover for LDAP, but specifying multiple LDAP URLs is simply not the best way to accomplish this. I can put you in contact with our (excellent) LDAP sysadmin, and he can give you pointers. We have an extremely fast and capable LDAP implementation, so we're a good model to follow if possible. (With AD, may be limited.)
Another important point of your config that you should reconsider ASAP:

> <bean
>   id="dataSource"
>   class="org.apache.commons.dbcp.BasicDataSource"
>   p:driverClassName="oracle.jdbc.driver.OracleDriver"
>
>   p:url="${cas.database.url}"
>   p:username="${cas.database.user}"
>   p:password="${cas.database.password}"
>
>   p:defaultAutoCommit="true"
>   p:defaultTransactionIsolation="2"
>
>   p:url=""jdbc:oracle:thin:@castle.acs.utah.edu:2083:oems
>
>   p:username="usecuredev"
>   p:password="usecuredev"
>   p:defaultAutoCommit="true"
>   p:defaultTransactionIsolation="2"
>
> />

You're not using database connection pooling for your ticket registry, which is extremely wasteful and may be part of your problem. If you want to stay with DBCP, switch to http://commons.apache.org/dbcp/apidocs/org/apache/commons/dbcp/PoolingDataSource.html as soon as possible. Alternatively, you can move to c3p0, which is what we use. I have some reasonable starting pool configs for that if you want them.

Oh, and it looks like you forgot to redact your AD credentials. Time for a password change if that's the case.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
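
As an added example that is not part of the original thread: a small Python check for the two config problems raised above, an LdapContextSource with pooled set to true and literal credentials where a ${...} placeholder should be. The sample XML and its credential values are constructed, and the set of property names treated as credentials is an assumption.

```python
import re
import xml.etree.ElementTree as ET

BEANS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")
# Assumption: property names treated as credentials for this check.
CREDENTIAL_NAMES = {"password", "username", "userDn"}

# Constructed sample, modelled on the two beans quoted in the thread.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="password" value="${cas.ldap.password}"/>
  </bean>
  <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        p:url="${cas.database.url}"
        p:username="example-user"
        p:password="example-password"/>
</beans>"""

def audit(xml_text):
    """Return sorted (bean id, finding) pairs for a Spring beans document."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(f"{{{BEANS}}}bean"):
        bean_id = bean.get("id", "<anonymous>")
        # Collect settings from both <property> children and p: attributes.
        settings = {p.get("name"): p.get("value")
                    for p in bean.findall(f"{{{BEANS}}}property")}
        for attr, value in bean.attrib.items():
            if attr.startswith(f"{{{P_NS}}}"):
                settings[attr.split("}", 1)[1]] = value
        # Only an explicit pooled=true is flagged; defaults are not guessed.
        if (bean.get("class", "").endswith("LdapContextSource")
                and (settings.get("pooled") or "").lower() == "true"):
            findings.append((bean_id, "pooled=true on an authentication context source"))
        # A credential is acceptable only as a ${...} placeholder.
        for name, value in settings.items():
            if name in CREDENTIAL_NAMES and value and not PLACEHOLDER.match(value):
                findings.append((bean_id, f"literal {name} in config"))
    return sorted(findings)

if __name__ == "__main__":
    for bean_id, finding in audit(SAMPLE):
        print(f"{bean_id}: {finding}")
```

Running a check like this before pasting a config into a public list post catches unredacted credentials as well as the pooling setting.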
