I had a similar problem with OpenLDAP and AD. Only one of them could be resolved with that tweak, the other would open connections until it reached the Linux's opened files per process limit (which I didn't know it even existed!).
The only way I could solve that problem was by using the Docker container. I don't have a clue for why that works... Vincent L. <[email protected]> escreveu no dia sexta, 3/04/2020 à(s) 09:23: > thank you!!!!!!!!! thank you!!!!!!!!!!!!!!!!!!!!!!!!! > > Le jeudi 7 novembre 2019 19:07:47 UTC+1, Trenton D. Adams a écrit : >> >> This is also happening on Java 8 and 5.2.x I'll have to look into >> whether that's valid for 5.2.x. >> On 11/6/19 7:16 AM, n99 wrote: >> >> For anyone else who finds themselves scratching their head over this.... >> >> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid. >> UnboundIDProvider >> >> >> is the magic setting if you are using open JDK 9, 11, 12, 13. >> >> https://bugs.openjdk.java.net/browse/JDK-8217606 >> >> and >> >> "The JNDI provider is broken in Java version 9 and later. It is recommend >> that you use the UnboundID provider with newer versions of Java and >> ldaptive v1.x" at https://www.ldaptive.org/v1/ (not easy to find on the >> ldaptive site) >> >> finally got us there. >> >> Shame this is not highlighted as an issue on the CAS 6.0.x docs....esp at >> the fix with jdk 14 is not out until next year! >> >> >> On Thursday, 31 October 2019 14:12:04 UTC, n99 wrote: >>> >>> Hi >>> >>> We are seeing issues with CAS 6.0.5 running against our OPEN Ldap where >>> we are seeing too many connections being made to LDAP. >>> >>> . We have the following settings. >>> >>> cas.authn.ldap[0].type=AUTHENTICATED >>> cas.authn.ldap[0].poolPassivator=NONE >>> cas.authn.ldap[0].baseDn=[BASE_DN] >>> cas.authn.ldap[0].searchFilter=[FILTER] >>> cas.authn.ldap[0].bindDn=[LDAP_BIND_USER] >>> cas.authn.ldap[0].bindCredential=[LDAP_BIND_CREDENTIAL] >>> cas.authn.ldap[0].useSsl=false >>> cas.authn.ldap[0].ldapUrl=[CAS_AUTHN_LDAP_LDAPURL] >>> cas.monitor.ldap.ldapUrl=[CAS_AUTHN_LDAP_LDAPURL] >>> cas.monitor.ldap.useSsl=false >>> cas.monitor.ldap.poolPassivator=NONE >>> >>> Also I guess >>> >>> minPoolSize=3 >>> maxPoolSize=10 >>> >>> are on by default. >>> >>> Using netstat to monitor the ESTABLISHED connections to our LDAP, I can >>> see that CAS starts up with 18 connections that are then pruned down to 9. >>> These remain after the periodic "validate task" process >>> >>> I can then see each login creates a new connection to LDAP, even if I >>> login/logout as the same user each time in my browser. >>> >>> I increased the number of connections, testing this simple way, to 55 >>> connections before stopping. >>> >>> I could see that these ESTABLISHED connections dropped away over time >>> and eventually, after a few periodic "validate task" scheduled processes I >>> got back down to 9 connections and 3 pools. >>> >>> I was wondering what behaviour I am seeing here? Why are there 3 >>> connection pools sitting dormant? Is there anything to limit the number of >>> connection pools and thus connections being created? Why do I see no >>> apparent ldap connection re-use? >>> >>> Am I misunderstanding expected behaviour or have things configured >>> incorrectly? >>> >>> We've not really changed default settings. (Although I did add >>> poolPassivator=NONE which changed it from the default value of BIND, I >>> believe. Under BIND, I was seeing 4 new connections being created per >>> login!) >>> >>> I can post more info on our OPEN LDAP if that would be useful? >>> >>> Many thanks for any advice. >>> >>> cheers >>> >>> >>> >>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdb832b9-0fd1-4987-9a61-9d61719a8422%40apereo.org >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdb832b9-0fd1-4987-9a61-9d61719a8422%40apereo.org?utm_medium=email&utm_source=footer> >> . >> >> -- >> Trenton D. Adams >> Senior Systems Analyst/Web Software Developer >> Applications Unit - ITS >> Athabasca University >> (780) 675-6195 >> >> It is only when you are surrounded by a supportive team, that you can achieve >> your best. Instead of tearing people down, try building them up! >> >> -- >> >> This communication is intended for the use of the recipient to whom it is >> addressed, and may contain confidential, personal, and or privileged >> information. Please contact us immediately if you are not the intended >> recipient of this communication, and do not copy, distribute, or take >> action relying on it. Any communications received in error, or subsequent >> reply, should be deleted or destroyed. >> >> --- >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/99250d88-5fa2-40fc-9b64-c040364bbc71%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/99250d88-5fa2-40fc-9b64-c040364bbc71%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Francisco Castel-Branco -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMrou-O%2BZWW4jZ%2BBOLfE%2BBbJpzK1nfBVt4Q4iB2_5OpoXhQCYw%40mail.gmail.com.
