[jira] [Commented] (FC-42) Avoid pulling a new connection from the LDAP connection pool

Wed, 20 May 2015 07:51:38 -0700 

    [ 
https://issues.apache.org/jira/browse/FC-42?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14552420#comment-14552420
 ] 

lucas theisen commented on FC-42:
---------------------------------

[~smckinney], the intention behind this factory was that you would effectively 
need only one pool.  The pool would maintain admin bound connections.  If used 
for authentication (bind), then it would be detected upon being returned and 
the connection would be rebound with the admin credentials.  If not, it would 
just get added back to the pool.  I am not familiar with the use case for a 
separate pool for logging, but I do not have experience with openldap (perhaps 
some special privileged non-admin account?).

As far as TLS, if StartTLS is performed on the connection after being checked 
out then it would be only for the duration of that checkout.  And since there 
is no StopTLS (or the like), the connection is closed, opened, and rebound upon 
being returned.  Right now, the factory does not issue StartTLS, however, 
thinking about it, that may be a useful option to the factory to StartTLS upon 
connection.  I personally use ldaps (or ldap in a trusted environment behind a 
firewall) so I have not had need to do this.  Though I imagine it would be 
quite useful...

Anyway, you should be able to get away with one connection pool if you use this 
factory.  If not, I would be interested in hearing why (for my own knowledge).

> Avoid pulling a new connection from the LDAP connection pool
> ------------------------------------------------------------
>
>                 Key: FC-42
>                 URL: https://issues.apache.org/jira/browse/FC-42
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-RC39
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.0.0-RC41
>
>
> Atm, everytime we want to send a request to the LDAP server, we are acquiring 
> a connection from the LDAP pool of connections. It's quite expensive, as each 
> connection has to be rebind everytime we push it back, and we do a validation 
> (thus a read) everytime we ask back a connection. 
> If we were to pass the connection we picked in the first call to all the 
> methods, we would save those costly Bind and check. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to