archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject Re: Archiva issue with LDAP (MRM-1488)
Date Fri, 26 Aug 2011 03:47:30 GMT
Did you do this with ehcache or the technique Brent outlined? If it's the former, I'm worried
about it not closing the resources - we should test it with a lot of concurrent different
users.

On 26/08/2011, at 12:57 PM, Deng Ching wrote:

> I made some changes to the impl, btw. Instead of just caching the ldap
> users, I've also cached the ldap connections. Not all ldap servers return a
> hashed password (some return just a masked string, eg. ******) for the
> userPassword attribute of an ldap user so we can't do a comparison on it.
> You need to bind to the ldap server to authenticate, so I just cached the
> ldap connection of a user. For the ldap connections, I've set the TTL to
> 15secs., then 2 mins. TTL for the ldap users.
> 
> I ran a 'clean install' on archiva-parent against an Archiva repo using JDO
> and LDAP for authentication, and these are the results:
> - JDO: 7:04.998s
> - LDAP: 7:17.382s
> 
> Thanks,
> Deng
> 
> On Thu, Aug 25, 2011 at 10:07 AM, Deng Ching <oching@apache.org> wrote:
> 
>> On Thu, Aug 25, 2011 at 1:44 AM, Brent Atkinson <brent.atkinson@gmail.com>wrote:
>> 
>>> Hi everyone,
>>> 
>>> I actually ran into this when fixing the connection leaks. I realized it
>>> was
>>> probably building in too many assumptions, but I created and held onto the
>>> LdapCtxFactory in redback's LdapConnection for a very specific reason:
>>> connection pooling. The sun JNDI ldap implementation can pool connections
>>> sharing the same credentials *and config options* as long as they are
>>> created from the same LdapCtxFactory.
>>> 
>>> http://download.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html
>>> 
>>> 
>> Thanks Brent! We'll look into that.
>> 
>> 
>>> On Wed, Aug 24, 2011 at 8:57 AM, Wendy Smoak <wsmoak@gmail.com> wrote:
>>> 
>>>> On Wed, Aug 24, 2011 at 2:45 AM, Deng Ching <oching@apache.org> wrote:
>>>> 
>>>>> We're planning to use EhCache for this so we can also set a TTL
>>>>> (time-to-live) for the cached objects. A password change done from the
>>>>> webapp would flush the user in the cache.
>>>> 
>>>> If you're using LDAP, would users be doing password changes from the
>>>> webapp?
>>>> 
>>>> Making that TTL configurable by the admin would be good, then they can
>>>> trade off between extra calls to LDAP and 'how come my new password
>>>> doesn't work?'.
>>> 
>> 
>> Agreed. We'll add this functionality as well :)
>> 
>> Thanks,
>> Deng
>> 

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter





Mime
View raw message