Kevin,

We're running into a similar issue here at RU. It seems that the connection timeout doesn't work very well if the connections are already established. There appear to be two options:

1. Don't use pooling
2. Use Spring LDAP's pooling which does not rely on Sun's implementation.

We haven't tried #2 yet. It's something I want to look at but haven't had a chance to yet. If you get a chance to before we do, please post your results.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Fri, Oct 24, 2008 at 5:23 PM, Kevin S <[EMAIL PROTECTED]> wrote:
> Hi,
>
> In my test environment, I am using BindLdapAuthenticationHandler (i.e., using a service account), and have two ldap servers (AD) and pooled=true in my AuthenticatedLdapContextSource (see below).
>
> If I gracefully shut down my first ldap server, failover works ok. However, if I pull the power from the first ldap server (or disable its network interface), the pooled connections are still being used by new logins, and are not failing over. My browser shows a status 500 exception report, complaining that an LDAP response read timed out - presumably after a read for the user's DN times out.
>
> Is this expected?
>
> I assume the graceful shutdown terminates the pooled connection(s), but obviously, not all shutdowns are nice.
> I can't find a setting anywhere that would address it. There is a com.sun.jndi.ldap.pool.timeout, but that relates to idle connections.
> Not directly a CAS issue I know, but can anyone help, or should I just set pooled=false ?
>
> Here's my AuthenticatedLdapContextSource:
>
> <bean id="contextSource"
>       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="urls">
>     <list>
>       <value>ldap://dc0.test.local/</value>
>       <value>ldap://dc1.test.local/</value>
>     </list>
>   </property>
>   <property name="userName" value="cn=CAS User,ou=ServiceAccounts,dc=test,dc=local"/>
>   <property name="password" value="secret"/>
>   <property name="pooled" value="true" />
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry key="com.sun.jndi.ldap.connect.timeout" value="3000"/>
>       <entry key="com.sun.jndi.ldap.read.timeout" value="5000"/>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
> My test environment is CAS 3.3, Tomcat 5.5.27, JDK 6u10, CentOS 5.2.
> Authenticating to Active Directory 2003.
>
> Cheers,
> Kevin
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
