Re: [cas-user] Hunting down SSL Ldap connections

Tue, 14 Jun 2011 01:39:23 -0700 

Improvement issue opened with patches I used attached.

Rgds.

Le 14/06/2011 06:13, Scott Battaglia a écrit :

If you open a JIRA issue for this, I'll take a look before the 3.4.9 release.

Thanks
Scott
On Fri, Jun 3, 2011 at 11:46 AM, Philippe MARASSE <[email protected] <mailto:[email protected]>> wrote: 

    Folks,

    Today I've played a little with jmeter (and iptables to count ldap ssl 
connections),
    and I wonder why the method setContextSource of
    AbstractLdapPersonDirectoryCredentialsToPrincipalResolver class require a
    LdapContextSource object instead of a simple ContextSource ?

    We're using X509 authentication then LDAP lookup so with this restriction 
we cannot
    pool our ldap connection : class
     org.springframework.ldap.pool.factory.PoolingContextSource cannot be cast 
to
    LdapContextSource :-(, Spring sent me an exception when I've tested this 
configuration.

    So I did another test with a modified
    AbstractLdapPersonDirectoryCredentialsToPrincipalResolver class, It seems 
to work as
    expected :-). Is it a good idea ?

    At last we also use login/password bind against our LDAP directory : It 
consumes 2
    connection per login (1 : search DN of the user, 2 : bind test with the 
provided
    password), and unfortunately, 
AbstractLdapUsernamePasswordAuthenticationHandler
    class uses only one contextSource to do thoses 2 different things. I 
modified the
    class and now I provide 2 contextSources : authContextSource (unpooled), and
    searchContextSource(pooled), It continues to work as expected and now I 
have only
    one SSL connection per login (except pooled connections indeed). Is it a 
good idea
    to do this way ?

    Rgds.
-- Philippe MARASSE 

    Service Informatique - Centre Hospitalier Henri Laborit
    BP 587 - 370 avenue Jacques Coeur
    86021 Poitiers Cedex
    Tel : 05.49.44.57.19



--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



--
Philippe MARASSE

Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to