archiva-dev mailing list archives

From Deng Ching <och...@apache.org>
Subject Re: Archiva issue with LDAP (MRM-1488)
Date Fri, 26 Aug 2011 02:57:59 GMT
I made some changes to the impl, btw. Instead of just caching the LDAP
users, I've also cached the LDAP connections. Not all LDAP servers return a
hashed password (some return just a masked string, e.g. ******) for the
userPassword attribute of an LDAP user so we can't do a comparison on it.
You need to bind to the LDAP server to authenticate, so I just cached the
LDAP connection of a user. For the LDAP connections, I've set the TTL to
15 secs., then 2 mins. TTL for the LDAP users.

I ran a 'clean install' on archiva-parent against an Archiva repo using JDO
and LDAP for authentication, and these are the results:
- JDO: 7:04.998s
- LDAP: 7:17.382s

Thanks,
Deng

On Thu, Aug 25, 2011 at 10:07 AM, Deng Ching <oching@apache.org> wrote:

> On Thu, Aug 25, 2011 at 1:44 AM, Brent Atkinson <brent.atkinson@gmail.com> wrote:
>
>> Hi everyone,
>>
>> I actually ran into this when fixing the connection leaks. I realized it was
>> probably building in too many assumptions, but I created and held onto the
>> LdapCtxFactory in redback's LdapConnection for a very specific reason:
>> connection pooling. The sun JNDI ldap implementation can pool connections
>> sharing the same credentials *and config options* as long as they are
>> created from the same LdapCtxFactory.
>>
>> http://download.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html
>>
>>
> Thanks Brent! We'll look into that.
>
>
>> On Wed, Aug 24, 2011 at 8:57 AM, Wendy Smoak <wsmoak@gmail.com> wrote:
>>
>> > On Wed, Aug 24, 2011 at 2:45 AM, Deng Ching <oching@apache.org> wrote:
>> >
>> > > We're planning to use EhCache for this so we can also set a TTL
>> > > (time-to-live) for the cached objects. A password change done from the
>> > > webapp would flush the user in the cache.
>> >
>> > If you're using LDAP, would users be doing password changes from the
>> > webapp?
>> >
>> > Making that TTL configurable by the admin would be good, then they can
>> > trade off between extra calls to LDAP and 'how come my new password
>> > doesn't work?'.
>>
>
> Agreed. We'll add this functionality as well :)
>
> Thanks,
> Deng
>
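
A sketch of the trade-off discussed in this thread, added here as an example and not Archiva's or Redback's code: a cache of successful LDAP binds with a configurable TTL that stores only a keyed hash of the password that bound, so a different password presented inside the TTL still goes to the directory. `BindCache`, the `ldapBind` callback (standing in for a real JNDI bind) and the sample credentials are hypothetical; Java 16+ is assumed for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;
import java.util.function.LongSupplier;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical sketch: caches *successful* LDAP binds for a short, configurable TTL.
public class BindCache {
    private record Entry(byte[] mac, long expiresAt) {}
    private final ConcurrentHashMap<String, Entry> cache = new ConcurrentHashMap<>();
    private final byte[] key = new byte[32];             // per-process HMAC key, never persisted
    private final BiPredicate<String, String> ldapBind;  // stands in for a real JNDI bind
    private final LongSupplier clock;                    // milliseconds; injectable for tests
    private final long ttlMillis;                        // admin-configurable time-to-live

    public BindCache(BiPredicate<String, String> ldapBind, LongSupplier clock, long ttlMillis) {
        new SecureRandom().nextBytes(key);
        this.ldapBind = ldapBind; this.clock = clock; this.ttlMillis = ttlMillis;
    }

    private byte[] mac(String password) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(password.getBytes(StandardCharsets.UTF_8));
    }

    public boolean authenticate(String user, String password) throws Exception {
        byte[] presented = mac(password);
        Entry e = cache.get(user);
        boolean fresh = e != null && clock.getAsLong() < e.expiresAt();
        if (fresh && MessageDigest.isEqual(e.mac(), presented)) return true; // same password that bound
        if (!ldapBind.test(user, password)) return false;   // failed binds are never cached
        cache.put(user, new Entry(presented, clock.getAsLong() + ttlMillis));
        return true;
    }

    public void invalidate(String user) { cache.remove(user); } // call on a webapp password change

    public static void main(String[] args) throws Exception {
        long[] now = {0}; int[] binds = {0};   // constructed clock and bind counter, for an offline run
        BindCache c = new BindCache((u, p) -> { binds[0]++; return p.equals("s3cret"); }, () -> now[0], 15_000);
        for (String pw : new String[] {"s3cret", "s3cret", "wrong"})
            System.out.println(pw + " -> " + c.authenticate("alice", pw) + ", binds so far: " + binds[0]);
        now[0] = 15_001;                       // past the 15 s TTL: the next login must bind again
        System.out.println("after TTL -> " + c.authenticate("alice", "s3cret") + ", binds so far: " + binds[0]);
    }
}
```

Until an entry expires or `invalidate` is called, a password changed or an account disabled directly in the directory is still accepted with the old password, which is the window the TTL setting controls.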
