directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "lucas theisen (JIRA)" <>
Subject [jira] [Commented] (FC-42) Avoid pulling a new connection from the LDAP connection pool
Date Wed, 20 May 2015 14:51:00 GMT


lucas theisen commented on FC-42:

[~smckinney], the intention behind this factory was that you would effectively need only one
pool.  The pool would maintain admin bound connections.  If used for authentication (bind),
then it would be detected upon being returned and the connection would be rebound with the
admin credentials.  If not, it would just get added back to the pool.  I am not familiar with
the use case for a separate pool for logging, but I do not have experience with openldap (perhaps
some special privileged non-admin account?).

As far as TLS, if StartTLS is performed on the connection after being checked out then it
would be only for the duration of that checkout.  And since there is no StopTLS (or the like),
the connection is closed, opened, and rebound upon being returned.  Right now, the factory
does not issue StartTLS, however, thinking about it, that may be a useful option to the factory
to StartTLS upon connection.  I personally use ldaps (or ldap in a trusted environment behind
a firewall) so I have not had need to do this.  Though I imagine it would be quite useful...

Anyway, you should be able to get away with one connection pool if you use this factory. 
If not, I would be interested in hearing why (for my own knowledge).

> Avoid pulling a new connection from the LDAP connection pool
> ------------------------------------------------------------
>                 Key: FC-42
>                 URL:
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-RC39
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.0.0-RC41
> Atm, everytime we want to send a request to the LDAP server, we are acquiring a connection
from the LDAP pool of connections. It's quite expensive, as each connection has to be rebind
everytime we push it back, and we do a validation (thus a read) everytime we ask back a connection.

> If we were to pass the connection we picked in the first call to all the methods, we
would save those costly Bind and check. 

This message was sent by Atlassian JIRA

View raw message