Folks,

Today I've played a little with jmeter (and iptables to count ldap ssl connections), and I wonder why the method setContextSource of the AbstractLdapPersonDirectoryCredentialsToPrincipalResolver class requires an LdapContextSource object instead of a simple ContextSource?

We're using X509 authentication then LDAP lookup, so with this restriction we cannot pool our ldap connections: class org.springframework.ldap.pool.factory.PoolingContextSource cannot be cast to LdapContextSource :-(. Spring sent me an exception when I tested this configuration.

So I did another test with a modified AbstractLdapPersonDirectoryCredentialsToPrincipalResolver class. It seems to work as expected :-). Is it a good idea?

At last we also use login/password bind against our LDAP directory: it consumes 2 connections per login (1: search DN of the user, 2: bind test with the provided password), and unfortunately, the AbstractLdapUsernamePasswordAuthenticationHandler class uses only one contextSource to do those 2 different things. I modified the class and now I provide 2 contextSources: authContextSource (unpooled) and searchContextSource (pooled). It continues to work as expected and now I have only one SSL connection per login (except pooled connections indeed). Is it a good idea to do it this way?

Rgds.

--
Philippe MARASSE

Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
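
The split described in the message (DN search on a pooled source, password bind on an unpooled one), as an added example that is not code from the post or from CAS. It assumes Spring LDAP 2.x on Java 8+; the class name, the `uid` attribute and the search base are hypothetical.

```java
import java.util.List;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.support.LdapUtils;

/** Hypothetical helper, not a CAS class. */
public class SplitSourceAuthenticator {
    private final LdapTemplate searchTemplate;      // service-account connections: safe to pool
    private final ContextSource authContextSource;  // unpooled: every bind carries one user's credentials
    private final String searchBase;                // assumed, e.g. "ou=people,dc=example,dc=org"

    public SplitSourceAuthenticator(ContextSource searchContextSource,
                                    ContextSource authContextSource, String searchBase) {
        this.searchTemplate = new LdapTemplate(searchContextSource);
        this.authContextSource = authContextSource;
        this.searchBase = searchBase;
    }

    public boolean authenticate(String username, String password) {
        // Many directories treat a bind with an empty password as anonymous and accept it.
        if (username == null || password == null || password.isEmpty()) {
            return false;
        }
        // Step 1 (pooled): resolve the DN. EqualsFilter escapes the value,
        // so the submitted username cannot change the filter structure.
        List<String> dns = searchTemplate.search(searchBase,
                new EqualsFilter("uid", username).encode(),
                SearchControls.SUBTREE_SCOPE, new String[0],
                (ContextMapper<String>) ctx -> ((DirContextOperations) ctx).getNameInNamespace());
        if (dns.size() != 1) {
            return false; // unknown or ambiguous user: never bind on a guess
        }
        // Step 2 (unpooled): bind as the user, then close the connection immediately.
        DirContext userCtx = null;
        try {
            userCtx = authContextSource.getContext(dns.get(0), password);
            return true;
        } catch (AuthenticationException e) {
            return false; // bad credentials; other LDAP errors propagate to the caller
        } finally {
            LdapUtils.closeContext(userCtx);
        }
    }
}
```

`PoolingContextSource` does not support `getContext(principal, credentials)`, so passing it as the authentication source fails at the bind step; that is the reason the two sources are kept separate.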

