Did you do this with ehcache or the technique Brent outlined? If it's the former, I'm worried about it not closing the resources - we should test it with a lot of concurrent different users.
On 26/08/2011, at 12:57 PM, Deng Ching wrote:

> I made some changes to the impl, btw. Instead of just caching the ldap
> users, I've also cached the ldap connections. Not all ldap servers return a
> hashed password (some return just a masked string, eg. ******) for the
> userPassword attribute of an ldap user so we can't do a comparison on it.
> You need to bind to the ldap server to authenticate, so I just cached the
> ldap connection of a user. For the ldap connections, I've set the TTL to
> 15secs., then 2 mins. TTL for the ldap users.
>
> I ran a 'clean install' on archiva-parent against an Archiva repo using JDO
> and LDAP for authentication, and these are the results:
> - JDO: 7:04.998s
> - LDAP: 7:17.382s
>
> Thanks,
> Deng
>
> On Thu, Aug 25, 2011 at 10:07 AM, Deng Ching <och...@apache.org> wrote:
>
>> On Thu, Aug 25, 2011 at 1:44 AM, Brent Atkinson
>> <brent.atkin...@gmail.com>wrote:
>>
>>> Hi everyone,
>>>
>>> I actually ran into this when fixing the connection leaks. I realized it
>>> was probably building in too many assumptions, but I created and held
>>> onto the LdapCtxFactory in redback's LdapConnection for a very specific
>>> reason: connection pooling. The sun JNDI ldap implementation can pool
>>> connections sharing the same credentials *and config options* as long as
>>> they are created from the same LdapCtxFactory.
>>>
>>> http://download.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html
>>>
>>
>> Thanks Brent! We'll look into that.
>>
>>> On Wed, Aug 24, 2011 at 8:57 AM, Wendy Smoak <wsm...@gmail.com> wrote:
>>>
>>>> On Wed, Aug 24, 2011 at 2:45 AM, Deng Ching <och...@apache.org> wrote:
>>>>
>>>>> We're planning to use EhCache for this so we can also set a TTL
>>>>> (time-to-live) for the cached objects. A password change done from the
>>>>> webapp would flush the user in the cache.
>>>>
>>>> If you're using LDAP, would users be doing password changes from the
>>>> webapp?
>>>>
>>>> Making that TTL configurable by the admin would be good, then they can
>>>> trade off between extra calls to LDAP and 'how come my new password
>>>> doesn't work?'.
>>>
>>
>> Agreed. We'll add this functionality as well :)
>>
>> Thanks,
>> Deng
>>

--
Brett Porter
br...@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter