The OpenDJ LDAP SDK example Proxy demonstrates a simple LDAP proxy that forwards requests to one or more remote directory servers. Although the implementation is intended as an example, it does demonstrate use of the asynchronous API, load balancing, and connection pooling.
The Proxy example sets up connection pools with load balancing to the directory servers. It passes the connection factories to a ProxyBackend that handles the requests passed back to the directory servers. It also sets up an LDAP listener to receive incoming connections from clients of the Proxy.
The ProxyBackend uses separate connection factories, one for bind operations, the other for other operations. It uses the proxied authorization control to ensure operations are performed using the bind identity for the operation.
The ProxyBackend's function is to handle each client request, encapsulating the result handlers that allow it to deal with each basic operation. It authenticates to the directory server to check incoming credentials, and adds the proxied authorization control to requests other than binds. The ProxyBackend handles all operations using asynchronous connections and methods.
As shown in the Proxy example, Connections.newFixedConnectionPool() returns a connection pool of the maximum size you specify.
    // Pool of heartbeat-checked connections, each bound as the proxy user
    // when it is obtained from the factory.
    final List<ConnectionFactory> factories = new LinkedList<>();
    factories.add(Connections.newFixedConnectionPool(
            Connections.newAuthenticatedConnectionFactory(
                    Connections.newHeartBeatConnectionFactory(
                            new LDAPConnectionFactory(remoteAddress, remotePort)),
                    Requests.newSimpleBindRequest(proxyDN, proxyPassword.toCharArray())),
            Integer.MAX_VALUE));
Connections are returned to the pool when you close() them. Notice that Connections also provides methods to return ConnectionFactory instances with a heart beat check on connections provided by the factory, and connection factories that authenticate connections before returning them.
Connections in the pool are intended for reuse. The Proxy gets an authenticated connection, which is a connection where the OpenDJ LDAP SDK passes a bind request immediately when getting the connection. The Proxy then uses proxied authorization to handle the identity from the client requesting the operation. As a rule, either handle binds separately and use proxied authorization as in the Proxy example, or else make sure that the first operation on a connection retrieved from the pool is a bind that correctly authenticates the user currently served by the connection.
When you close() a connection from the pool, the OpenDJ LDAP SDK does not perform an unbind(). This is why you must be careful about how you manage authentication on connections from a pool.
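The rule above, sketched as an added example (not code from the Proxy example or from the SDK): pattern 1 keeps binds on their own pool and attaches the proxied authorization control to other requests, pattern 2 makes the bind the first operation on a pooled connection. It assumes the synchronous 2.x SDK API that matches the calls shown on this page (ErrorResultException, Connection.bind(), Connection.searchSingleEntry()); the class PooledIdentity, its fields, and its method names are hypothetical, and proxyPool is assumed to be built like the factories shown earlier.

```java
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.controls.ProxiedAuthV2Control;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;

/** Hypothetical helper (not part of the SDK or the Proxy example). */
public final class PooledIdentity {
    private final ConnectionFactory bindPool;  // plain pool, used only to check credentials
    private final ConnectionFactory proxyPool; // pool of connections bound as the proxy user
    public PooledIdentity(ConnectionFactory bindPool, ConnectionFactory proxyPool) {
        this.bindPool = bindPool;
        this.proxyPool = proxyPool;
    }
    /** Pattern 1: binds on their own pool, everything else with proxied authorization. */
    public SearchResultEntry readAs(String userDN, char[] password, String entryDN)
            throws ErrorResultException {
        Connection bindConn = bindPool.getConnection();
        try {
            bindConn.bind(userDN, password); // throws ErrorResultException on bad credentials
        } finally {
            bindConn.close(); // back to the pool, still bound as userDN (no unbind)
        }
        SearchRequest request = Requests
                .newSearchRequest(entryDN, SearchScope.BASE_OBJECT, "(objectClass=*)")
                .addControl(ProxiedAuthV2Control.newControl("dn:" + userDN));
        Connection conn = proxyPool.getConnection();
        try {
            return conn.searchSingleEntry(request); // evaluated as userDN by the server
        } finally {
            conn.close();
        }
    }
    /** Pattern 2: one pool, and the bind is always the first operation after getConnection(). */
    public SearchResultEntry bindThenRead(String userDN, char[] password, String entryDN)
            throws ErrorResultException {
        Connection conn = bindPool.getConnection();
        try {
            conn.bind(userDN, password); // replaces whatever identity the last user left
            return conn.searchSingleEntry(Requests.newSearchRequest(
                    entryDN, SearchScope.BASE_OBJECT, "(objectClass=*)"));
        } finally {
            conn.close();
        }
    }
}
```

In pattern 1, user operations never run on bindPool, because its connections keep the identity of whoever bound last. The proxy user also needs permission on the directory server to use proxied authorization.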