I made some changes to the impl, btw. Instead of just caching the ldap users, I've also cached the ldap connections. Not all ldap servers return a hashed password (some return just a masked string, e.g. ******) for the userPassword attribute of an ldap user, so we can't do a comparison on it. You need to bind to the ldap server to authenticate, so I just cached the ldap connection of a user. For the ldap connections, I've set the TTL to 15 secs, and a 2 min TTL for the ldap users.
I ran a 'clean install' on archiva-parent against an Archiva repo using JDO and LDAP for authentication, and these are the results:

- JDO: 7:04.998s
- LDAP: 7:17.382s

Thanks,
Deng

On Thu, Aug 25, 2011 at 10:07 AM, Deng Ching <[email protected]> wrote:

> On Thu, Aug 25, 2011 at 1:44 AM, Brent Atkinson <[email protected]> wrote:
>
>> Hi everyone,
>>
>> I actually ran into this when fixing the connection leaks. I realized it was
>> probably building in too many assumptions, but I created and held onto the
>> LdapCtxFactory in redback's LdapConnection for a very specific reason:
>> connection pooling. The sun JNDI ldap implementation can pool connections
>> sharing the same credentials *and config options* as long as they are
>> created from the same LdapCtxFactory.
>>
>> http://download.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html
>>
>
> Thanks Brent! We'll look into that.
>
>> On Wed, Aug 24, 2011 at 8:57 AM, Wendy Smoak <[email protected]> wrote:
>>
>> > On Wed, Aug 24, 2011 at 2:45 AM, Deng Ching <[email protected]> wrote:
>> >
>> > > We're planning to use EhCache for this so we can also set a TTL
>> > > (time-to-live) for the cached objects. A password change done from the
>> > > webapp would flush the user in the cache.
>> >
>> > If you're using LDAP, would users be doing password changes from the
>> > webapp?
>> >
>> > Making that TTL configurable by the admin would be good, then they can
>> > trade off between extra calls to LDAP and 'how come my new password
>> > doesn't work?'.
>> >
>
> Agreed. We'll add this functionality as well :)
>
> Thanks,
> Deng
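
The TTL trade-off discussed in this thread, as an added example that is not code from Redback, Archiva or anyone in the thread: a cache of successful binds that only hits when the same password is presented, and that can be flushed on a password change. The names `BindCache`, `ldapBind` and `tag` are hypothetical, the bind is a stand-in predicate, and a plain map with an HMAC tag is assumed in place of EhCache and a cached connection object.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical TTL cache of successful LDAP binds; not Redback code. */
public class BindCache {
    private record Entry(byte[] tag, long expiresAt) {}
    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final byte[] key = new byte[32];             // per-process HMAC key
    private final long ttlMillis;
    private final BiPredicate<String, String> ldapBind;  // stand-in for the real bind

    public BindCache(long ttlMillis, BiPredicate<String, String> ldapBind) {
        new SecureRandom().nextBytes(key);
        this.ttlMillis = ttlMillis;
        this.ldapBind = ldapBind;
    }
    // Keyed digest of user + password, so the cache never stores the password itself.
    private byte[] tag(String user, String password) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(user.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0);                            // separator between the two fields
        return mac.doFinal(password.getBytes(StandardCharsets.UTF_8));
    }
    public boolean authenticate(String user, String password, long now) throws Exception {
        byte[] t = tag(user, password);
        Entry e = entries.get(user);
        // Hit only for an unexpired entry created with this exact password.
        if (e != null && now < e.expiresAt() && MessageDigest.isEqual(e.tag(), t)) return true;
        if (!ldapBind.test(user, password)) return false;   // failed binds are never cached
        entries.put(user, new Entry(t, now + ttlMillis));
        return true;
    }
    // Call on a webapp password change so the old password stops working at once.
    public void flush(String user) { entries.remove(user); }

    public static void main(String[] args) throws Exception {
        String[] stored = {"old-pass"};                  // constructed directory state
        BindCache c = new BindCache(15_000, (u, p) -> p.equals(stored[0]));
        System.out.println(c.authenticate("alice", "old-pass", 0));      // first login, real bind
        System.out.println(c.authenticate("alice", "guess", 1_000));     // wrong password inside the TTL
        stored[0] = "new-pass";                          // password changed directly in LDAP
        System.out.println(c.authenticate("alice", "old-pass", 5_000));  // old password inside the TTL
        System.out.println(c.authenticate("alice", "old-pass", 16_000)); // old password after the TTL
    }
}
```

The third call is the case to watch: a password changed outside the webapp never triggers `flush`, so the old password keeps being accepted until the entry expires, which is the window a configurable TTL lets the admin shorten.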
