one minute with 28.000 users -is the when you do a propfind on all users?
Also what realm are you using - I have been looking at the Krb5LoginModule as described by Stefan Fromm. I was just wondering what experiences people has with integrating with an AD.
/jacob
----- Original Message ----- From: "James Mason" <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>
Sent: Saturday, March 12, 2005 7:20 AM
Subject: RE: LDAP Connection Error
Just to elaborate (you've all probably figured this out by now), the JNDIPrincipalStore actually *searches* your LDAP server for users/groups. The configuration settings you give describe the search parameters. The deciding factor on performance is how many results are returned by the search. If you have a lot of users/groups Slide will take a long time to start. It takes about a minute for me with 28,000 user accounts.
-James
On Mon, 2005-02-28 at 09:48 +0000, Miguel Figueiredo wrote:Hello Jacob,
The JNDIStore does not look for anything here. The configuration u give to
her, tells her 'what is what, and where is it' ... Hmmm, with others words,
the configuration tells the LDAP/Active Directory server what kind of
objects she is looking for, and where she expects to be found. When you
start configuring it, you will get more insightful regarding this statement.
When the JNDIStore asks something to the server, it asks by means of a bind
request, and the server shall have the responsibility to find objects, in
the configured places, that match the bind request. 'Modus Operandis' of the
LDAP or Active Directory is exactly the same regarding the bind operation,
the difference comes in the schemas they offer: standard schemas with LDAP,
proprietary but standard-based schema on Active Directory (M$ strikes again
:P ).
Also, as you correctly stated, most companies split users and groups in several OUs. I'm glad to report that the JNDIStore is generic enough to adapt it's configuration to any deployment choices (at least we did not found any trouble in its configuration until now).
Hope this helps, Miguel Figueiredo
-----Original Message----- From: Jacob Lund [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 28 de Fevereiro de 2005 8:46 To: Slide Users Mailing List Subject: Re: LDAP Connection Error
Well - you mentioned exactly what I have been wondering about!
Most companies split users and groups in several OUs (Organizational units).
Can the JNDIStore search through the AD and fetch all users and groups, also
how will that affect the performance?
I have an AD with several OU ready for testing, but I have not had the time
to look into this deeper yet!
/jacob
----- Original Message ----- From: "John Gilbert" <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>; "Slide Users
Mailing List" <slide-user@jakarta.apache.org> Sent: Friday, February 25, 2005 4:14 PM Subject: RE: LDAP Connection Error
There isn't much to say. I just follow the instructions I found in the
comment block of the source code and the postings to the user group. There
was nothing too special for AD.
Here is a link to a posting by James Mason. http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/conf/webapp/JNDI-Domain. xml?rev=1.2&view=auto
I did have to play with the jndi.attributes.groupmemberset and jndi.search.filter settings settings. Just use any old ldap browser to browse the schema.
One thing I have found is that AD admins seem to like spreading their groups
and people around in the tree, instead of having a single people root and a
single groups root. I don't think the JNDIPrincipalStore handles this case,
but I didn't have time to test it thoroughly. It might have to do with the
jndi.search.scope setting.
Also having the passwords in cleartext has been a battle.
________________________________
From: Jacob Lund [mailto:[EMAIL PROTECTED] Sent: Fri 2/25/2005 5:53 AM To: Slide Users Mailing List Subject: Re: LDAP Connection Error
Hi John!
I would like to create a Wiki on how to integrate slide with an AD!
Would you mind sharing your configuration of the JNDIPrincipalStore, realm
and other experiences on this integration?
Thanks /Jacob
----- Original Message ----- From: "John Gilbert" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" <slide-user@jakarta.apache.org> Sent: Thursday, February 24, 2005 4:33 PM Subject: LDAP Connection Error
I am using the JNDIPrincipalStore to connect to Active Directory to retrieve Users and Roles. Everything works fine for a while.
Then it eventually gets a connection error and I have to restart the Slide war. I have several other applications connecting to the same
Active Directory instance and they are not experiencing any problems or may be they are handling the error and reconnecting automatically.
Has anyone had this problem?
Is the JNDIPrincipalStore supposed to gracefully reconnect? There is nothing for this in the code. Is this handled by the framework?
Thanks
John
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
