How do I enable LDAP SSL pooling?

OK, so I am migrating the application from non-SSL connections to SSL connections to my LDAP server. When the application runs in non-SSL mode, connection pooling works fine. However, when I switch to SSL connections, the pools no longer work.

While researching here, I realized that I never set the com.sun.jndi.ldap.connect.pool.protocol property to "plain ssl", since by default it is set to plain. I thought this was the problem.

When I implemented this change to enable "plain ssl", it did not fix the problem and connection pools were still not used.

Are there any other settings that I am missing?

Relevant Code:

    Hashtable LDAPEnvironment = new Hashtable();
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
    LDAPEnvironment.put(Context.SECURITY_PRINCIPAL, SECURITY_PRINCIPAL);
    LDAPEnvironment.put(Context.SECURITY_CREDENTIALS, SECURITY_CREDENTIALS);
    LDAPEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
    LDAPEnvironment.put(Context.PROVIDER_URL, PROVIDER_URL);
    LDAPEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
    LDAPEnvironment.put("java.naming.ldap.version", versionOfLDAP);
    if (ldapProtocol != null && ldapProtocol.equalsIgnoreCase("SSL")) {
        LDAPEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
        LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
    }
    LDAPEnvironment.put("com.sun.jndi.ldap.connect.pool", "true");
+4
2 answers

I found the problem. The documentation states that these properties are system properties and not environment properties. I set them as environment properties. :-)

+1

If you scroll down a little in the link you specified (scroll to “How Connections Are Pooled”), you will see an explanation of how pooling works.

When you request a pooled connection, you will get one only if ALL of the specified properties are identical. And this is a long list of properties...

In your case, this is:

  • connection control
  • host name, port number specified in the property "java.naming.provider.url", referral or URL provided in the source context
  • java.naming.security.protocol property
  • java.naming.ldap.version property
  • java.naming.security.principal property
  • java.naming.security.credentials property

If you always use the same constants when requesting a connection from the connection pool, I think you should get the same pooled connection. That is, if you set the com.sun.jndi.ldap.connect.pool.* properties correctly, but I did not see this in the code that you specified.

If you have set the com.sun.jndi.ldap.connect.pool.* properties to reasonable values, try setting com.sun.jndi.ldap.connect.pool.debug to "fine". This will help you debug.

Another option is to use a framework or provider that supports pooling. Please note that the pooling provided to you by Java is rather limited. I have used Spring-LDAP in the past and it has very good support.

Hope this helps.

0