It was the former, Brett. Right, I didn't think about closing the resources.
Thanks for pointing that out :)

I'll do some testing on this. I'm actually thinking about reverting back the
authentication part to not use the cache and only have the ldap users
cached, I have to check though how big the difference would be in the builds
if that would be the case since I think it's the find/search for user that's
taking a while.

Thanks,
Deng

On Fri, Aug 26, 2011 at 11:47 AM, Brett Porter <br...@apache.org> wrote:

> Did you do this with ehcache or the technique Brent outlined? If it's the
> former, I'm worried about it not closing the resources - we should test it
> with a lot of concurrent different users.
>
> On 26/08/2011, at 12:57 PM, Deng Ching wrote:
>
> > I made some changes to the impl, btw. Instead of just caching the ldap
> > users, I've also cached the ldap connections. Not all ldap servers return a
> > hashed password (some return just a masked string, e.g. ******) for the
> > userPassword attribute of an ldap user so we can't do a comparison on it.
> > You need to bind to the ldap server to authenticate, so I just cached the
> > ldap connection of a user. For the ldap connections, I've set the TTL to
> > 15secs., then 2 mins. TTL for the ldap users.
> >
> > I ran a 'clean install' on archiva-parent against an Archiva repo using JDO
> > and LDAP for authentication, and these are the results:
> > - JDO: 7:04.998s
> > - LDAP: 7:17.382s
> >
> > Thanks,
> > Deng
> >
> > On Thu, Aug 25, 2011 at 10:07 AM, Deng Ching <och...@apache.org> wrote:
> >
> >> On Thu, Aug 25, 2011 at 1:44 AM, Brent Atkinson <brent.atkin...@gmail.com> wrote:
> >>
> >>> Hi everyone,
> >>>
> >>> I actually ran into this when fixing the connection leaks. I realized it
> >>> was probably building in too many assumptions, but I created and held onto
> >>> the LdapCtxFactory in redback's LdapConnection for a very specific reason:
> >>> connection pooling. The sun JNDI ldap implementation can pool connections
> >>> sharing the same credentials *and config options* as long as they are
> >>> created from the same LdapCtxFactory.
> >>>
> >>> http://download.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html
> >>>
> >>>
> >> Thanks Brent! We'll look into that.
> >>
> >>
> >>> On Wed, Aug 24, 2011 at 8:57 AM, Wendy Smoak <wsm...@gmail.com> wrote:
> >>>
> >>>> On Wed, Aug 24, 2011 at 2:45 AM, Deng Ching <och...@apache.org> wrote:
> >>>>
> >>>>> We're planning to use EhCache for this so we can also set a TTL
> >>>>> (time-to-live) for the cached objects. A password change done from the
> >>>>> webapp would flush the user in the cache.
> >>>>
> >>>> If you're using LDAP, would users be doing password changes from the
> >>>> webapp?
> >>>>
> >>>> Making that TTL configurable by the admin would be good, then they can
> >>>> trade off between extra calls to LDAP and 'how come my new password
> >>>> doesn't work?'.
> >>>
> >>
> >> Agreed. We'll add this functionality as well :)
> >>
> >> Thanks,
> >> Deng
> >>
>
> --
> Brett Porter
> br...@apache.org
> http://brettporter.wordpress.com/
> http://au.linkedin.com/in/brettporter
>
>
>
>
>
