> CAS is configured with the FastBindLdapAuthenticationHandler. Is it
> possible to use a pooled context source with this configuration?
No, although arguably it should be able to to do this. Unfortunately
that's a spring-ldap enhancement. The good news is that the author is
someone in the Jasig community we could work with to make it happen.
I've been thinking about submitting an enhancement over there. Anyone
else interested?
The problem reported by your tester is only remotely related to
pooling connections. You're starting long-lived connections that are
not closed in a timely manner.
> Once the number of threads reaches around 950 in each of the Tomcat
> containers the process runs out of open files as the current Linux limit on
> open files per process is 1024 (see below)
Why aren't these threads dying naturally on connection close? We do
the right thing in CAS:
} finally {
if (dirContext != null) {
LdapUtils.closeContext(dirContext);
}
}
You want closing the LDAP connection to send the FIN to initiate tear
down immediately. I'd expect this to be the default behavior, but
I've been surprised by socket behavior in Java in the past.
> without pooling we are surprised to see that the LDAP threads remain in
> process waiting on a socket read to LDAP, although we periodically observe
> (after approx 15 minutes) a large number of threads being released although
> this could be down to some form of application housekeeping or as a
> consequence of TCP Keepalives.
I'm surprised, but proper management of sockets in Java is somewhat of
an art and I do agree that TCP keepalives may be the problem. Can you
provide some more information about your environment:
- Java version
- Operating system
- LdapContextSource configuration
The good news is that there is a way to get at most any socket
property needed, but we'll dig into that after I get some more
information and try to reproduce here.
Thanks,
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
