Okay, so I'm moving my application over from non-SSL to SSL connections to my LDAP server. When running the application in non-SSL, connection pooling is working fine. However, when I switch to SSL, connection pools no longer work.

While researching here I realized that I never set the "com.sun.jndi.ldap.connect.pool.protocol" property to "plain ssl", since by default it is set to plain. I thought this was the problem.

When I implemented the change to include "plain ssl", it did not fix the problem and connection pools were still not being used.

Is there some other setting that I am missing?

Relevant code:

    Hashtable LDAPEnvironment = new Hashtable();
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
    LDAPEnvironment.put(Context.SECURITY_PRINCIPAL, SECURITY_PRINCIPAL);
    LDAPEnvironment.put(Context.SECURITY_CREDENTIALS, SECURITY_CREDENTIALS);
    LDAPEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
    LDAPEnvironment.put(Context.PROVIDER_URL, PROVIDER_URL );
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
    LDAPEnvironment.put("java.naming.ldap.version", versionOfLDAP );

    if (ldapProtocol != null && ldapProtocol.equalsIgnoreCase("SSL")){
        LDAPEnvironment.put(Context.SECURITY_PROTOCOL,"ssl");
        LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool.protocol","plain ssl");
    }

    LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool", "true");
A: 

If you scroll down a little, at the link you provided (scroll to "How Connections are Pooled"), you'll see the explanation of how the pooling works.

When you request a pooled connection, you will get one only if ALL the specified properties are identical. And that's a long list of properties...

In your case this is:

  • connection controls
  • host name, port number as specified in the "java.naming.provider.url" property, referral, or URL supplied to the initial context
  • java.naming.security.protocol property
  • java.naming.ldap.version property
  • java.naming.security.principal property
  • java.naming.security.credentials property

If you always use the same constants when requesting a connection from the connection pool, I think you should get the same pooled connection. That is, if you set the com.sun.jndi.ldap.connect.pool.* properties properly - but I didn't see that in the code you provided.

If you did set the com.sun.jndi.ldap.connect.pool.* properties to sensible values, try setting com.sun.jndi.ldap.connect.pool.debug to fine. This will help you debug.

Another option is to use a framework, or a provider that supports connection pooling. Note that the pooling provided to you by Java is rather limited. I used Spring-Ldap in the past, and it has very good support.

Hope this helps.

Eran Harel
Can you please elaborate? I have included the code snippet in edit above.
Fran Fitzpatrick
Also, we are using only the 'simple' method, so it is only a handful of properties... and all those properties appear to be set.
Fran Fitzpatrick
I edited my answer. I hope it helps.
Eran Harel
Eran, do I really need to set all of the com.sun.jndi.ldap.connect.pool.* properties to get SSL pooled? Except for com.sun.jndi.ldap.connect.pool.protocol, all of the defaults should be good. --- Unless you think com.sun.jndi.ldap.connect.pool.authentication should be "simple" since I have this line: LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
Fran Fitzpatrick
A: 

I have found the problem. The documentation specifically states that those properties are system properties and not environment properties. I was setting these as environment properties. :-)

Fran Fitzpatrick