[
https://issues.apache.org/jira/browse/FC-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18008981#comment-18008981
]
Shawn McKinney commented on FC-338:
-----------------------------------
The connection pool uses
[ValidatingPoolableLdapConnectionFactory(https://nightlies.apache.org/directory/api/2.0.2/apidocs/org/apache/directory/ldap/client/api/ValidatingPoolableLdapConnectionFactory.html)
from LDAP API. This class invokes binds in its activate and passivateObject
methods. This should not be necessary if the connection pool calls an unbind
before returning object to the pool.
I have overridden these methods and removed the extra find steps as shown
below. The tests pass.
To be clear, this scenario is only a problem in the Fortress user connection
pool. This pool is maintained for validating user bind and password policies
checks in (untrusted) createSession invocations.
We want the connections to be pooled because it is inefficient to create new
connections on every request, particularly when TLS/LDAPS is enabled.
So, these extra (anonymous) binds cause 2 additional round trips with the
server per every bind/createSession method invocation. This is unacceptable.
```
public class NoRebindPoolableLdapConnectionFactory extends
ValidatingPoolableLdapConnectionFactory
{
@Override
public void activateObject(PooledObject<LdapConnection> connection) throws
LdapException
{
...
/*
if (!connection.getObject().isConnected() ||
!connection.getObject().isAuthenticated())
{
if (LOG.isDebugEnabled())
{
LOG.debug(I18n.msg(I18n.MSG_04147_REBIND_CONNECTION_DROPPED,
connection));
}
connectionFactory.bindConnection(connection.getObject());
}
*/
}
@Override
public void passivateObject(PooledObject<LdapConnection> pooledObject)
throws LdapException
{
LdapConnection connection = pooledObject.getObject();
...
/*
if ( !connection.isConnected() || !connection.isAuthenticated()
|| ( (MonitoringLdapConnection) connection ).bindCalled() )
{
if ( LOG.isDebugEnabled() )
{
LOG.debug( I18n.msg( I18n.MSG_04172_REBIND_BIND_CONNECTION,
connection ) );
}
connectionFactory.bindConnection( connection );
}
*/
/*
if ( ( ( MonitoringLdapConnection ) connection ).startTlsCalled() )
{
if ( LOG.isDebugEnabled() )
{
LOG.debug( I18n.msg( I18n.MSG_04173_UNBIND_START_TLS,
connection ) );
}
// unbind to clear the tls
connection.unBind();
connectionFactory.bindConnection( connection );
}
*/
// in case connection had configuration changed
connectionFactory.configureConnection(connection);
}
}
```
> Extraneous Binds in connection pool
> -----------------------------------
>
> Key: FC-338
> URL: https://issues.apache.org/jira/browse/FC-338
> Project: FORTRESS
> Issue Type: Bug
> Affects Versions: 3.0.1
> Reporter: Shawn McKinney
> Assignee: Shawn McKinney
> Priority: Major
> Fix For: 3.0.2
>
>
> Investigate/fix extraneous binds with server when connections are being
> added/removed from the pool.
> ```
> Jul 21 21:58:37 localhost slapd[217014]: conn=1007 op=4 BIND anonymous
> mech=implicit bind_ssf=0 ssf=0
> Jul 21 21:58:37 localhost slapd[217014]: conn=1007 op=4 BIND
> dn="cn=manager,dc=example,dc=com" method=128
> Jul 21 21:58:37 localhost slapd[217014]: conn=1007 op=4 BIND
> dn="cn=manager,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=0
> Jul 21 21:58:37 localhost slapd[217014]: conn=1007 op=4 RESULT tag=97 err=0
> qtime=0.000069 etime=0.002736 text=
> ```
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
