Ldaptive namespaces for connection config/pool #56

Closed
mmoayyed opened this Issue Oct 10, 2015 · 10 comments

mmoayyed commented Oct 10, 2015

I have the following configuration:

```xml
<bean id="ldapCertFetcher"
      class="org.jasig.cas.adaptors.x509.authentication.handler.support.ldap.LdaptiveResourceCRLFetcher"
      c:connectionConfig-ref="provisioningConnectionConfig"
      c:searchExecutor-ref="searchExecutor" />

<bean id="poolingLdapCertFetcher"
      class="org.jasig.cas.adaptors.x509.authentication.handler.support.ldap.PoolingLdaptiveResourceCRLFetcher"
      c:connectionConfig-ref="provisioningConnectionConfig"
      c:searchExecutor-ref="searchExecutor"
      c:connectionPool-ref="connectionPool" />
```

Could there be a way for me to configure connection config and connection pools separately via ldaptive namespaces?

mmoayyed commented Oct 10, 2015

Full XML config:

```xml
<bean id="searchExecutor" class="org.ldaptive.SearchExecutor"
      p:baseDn-ref="baseDn"
      p:searchFilter-ref="searchFilter"
      p:returnAttributes-ref="returnAttributes"
      p:binaryAttributes-ref="returnAttributes" />

<bean id="provisioningConnectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="provisioningConnectionConfig"
      p:provider-ref="unboundidLdapProvider" />

<bean id="unboundidLdapProvider"
      class="org.ldaptive.provider.unboundid.UnboundIDProvider" />

<bean id="provisioningConnectionConfig" class="org.ldaptive.ConnectionConfig"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS: false}"
      p:connectionInitializer-ref="bindConnectionInitializer"
      p:sslConfig-ref="provisionSslConfig" />

<bean id="provisionSslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig" />
    </property>
</bean>

<bean id="bindConnectionInitializer"
      class="org.ldaptive.BindConnectionInitializer"
      p:bindDn="${ldap.managerDn}">
    <property name="bindCredential">
        <bean class="org.ldaptive.Credential"
              c:password="${ldap.managerPassword}" />
    </property>
</bean>

<bean id="connectionPool"
      class="org.ldaptive.pool.BlockingConnectionPool"
      lazy-init="true"
      p:poolConfig-ref="ldapPoolConfig"
      p:blockWaitTime="${ldap.pool.blockWaitTime}"
      p:validator-ref="searchValidator"
      p:pruneStrategy-ref="pruneStrategy" />

<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
      p:prunePeriod="${ldap.pool.prunePeriod}"
      p:idleTime="${ldap.pool.idleTime}" />

<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
      p:minPoolSize="${ldap.pool.minSize}"
      p:maxPoolSize="${ldap.pool.maxSize}"
      p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
      p:validatePeriodically="${ldap.pool.validatePeriodically}"
      p:validatePeriod="${ldap.pool.validatePeriod}" />
```
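
The same wiring expressed directly against the ldaptive API, as an added example that is not code from this issue or from the ldaptive project. It assumes the ldaptive 1.x API these beans target (connect and block-wait timeouts as long milliseconds, pool validate/prune periods in seconds) plus the ldaptive-unboundid provider module; the LDAP URL, DNs, password, trust store path, pool sizes, search filter and CRL attribute name are constructed placeholders standing in for the `ldap.*` properties. It also turns on StartTLS and sets an explicit trust store, which the XML above leaves at their defaults.

```java
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.provider.unboundid.UnboundIDProvider;
import org.ldaptive.ssl.KeyStoreCredentialConfig;
import org.ldaptive.ssl.SslConfig;

/** Programmatic equivalent of the bean definitions above (added example, not project code). */
public class CrlLdapWiring {

    // Constructed placeholder values standing in for the ldap.* properties in the XML.
    static final String LDAP_URL = "ldap://ldap.example.test:389";
    static final String BASE_DN = "ou=crls,dc=example,dc=test";
    static final String MANAGER_DN = "cn=manager,dc=example,dc=test";
    static final String MANAGER_PASSWORD = "placeholder-password";
    static final String CRL_ATTRIBUTE = "certificateRevocationList;binary";

    /** Mirrors provisioningConnectionConfig, provisionSslConfig and bindConnectionInitializer. */
    static ConnectionConfig connectionConfig() {
        // With no stores set (as in the XML) the JVM default key/trust material is used;
        // an explicit trust store pins which CAs may sign the directory's certificate.
        KeyStoreCredentialConfig keyStores = new KeyStoreCredentialConfig();
        keyStores.setTrustStore("file:/etc/cas/ldap-truststore.jks"); // placeholder path
        keyStores.setTrustStorePassword("changeit");                   // placeholder

        SslConfig ssl = new SslConfig();
        ssl.setCredentialConfig(keyStores);

        ConnectionConfig cc = new ConnectionConfig(LDAP_URL);
        cc.setConnectTimeout(3000L);   // milliseconds in ldaptive 1.x
        cc.setResponseTimeout(5000L);
        // The XML defaults useStartTLS to false; enabling it keeps the manager bind out of clear text.
        cc.setUseStartTLS(true);
        cc.setSslConfig(ssl);
        cc.setConnectionInitializer(
            new BindConnectionInitializer(MANAGER_DN, new Credential(MANAGER_PASSWORD)));
        return cc;
    }

    /** Mirrors connectionPool, ldapPoolConfig, pruneStrategy and searchValidator. */
    static BlockingConnectionPool connectionPool(ConnectionConfig cc) {
        DefaultConnectionFactory cf = new DefaultConnectionFactory(cc);
        cf.setProvider(new UnboundIDProvider());   // unboundidLdapProvider

        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMinPoolSize(3);
        poolConfig.setMaxPoolSize(10);
        poolConfig.setValidateOnCheckOut(true);
        poolConfig.setValidatePeriodically(true);
        poolConfig.setValidatePeriod(300L);        // seconds

        BlockingConnectionPool pool = new BlockingConnectionPool(poolConfig, cf);
        pool.setBlockWaitTime(3000L);              // milliseconds to wait for a free connection
        pool.setValidator(new SearchValidator());  // hand out only connections that can still search
        pool.setPruneStrategy(new IdlePruneStrategy(300L, 600L)); // prunePeriod, idleTime in seconds
        return pool;
    }

    /** Mirrors searchExecutor: base DN, filter and the attribute to fetch as binary. */
    static SearchExecutor searchExecutor() {
        SearchExecutor executor = new SearchExecutor();
        executor.setBaseDn(BASE_DN);
        executor.setSearchFilter(new SearchFilter("(cn=Example Issuing CA)")); // constructed filter
        executor.setReturnAttributes(CRL_ATTRIBUTE);
        executor.setBinaryAttributes(CRL_ATTRIBUTE);
        return executor;
    }

    /** Fetches the raw CRL bytes through the pool; null if the entry or attribute is absent. */
    static byte[] fetchCrl(ConnectionFactory factory, SearchExecutor executor) throws LdapException {
        Response<SearchResult> response = executor.search(factory);
        LdapEntry entry = response.getResult().getEntry();
        if (entry == null) {
            return null;
        }
        LdapAttribute attr = entry.getAttribute(CRL_ATTRIBUTE);
        return attr == null ? null : attr.getBinaryValue();
    }

    public static void main(String[] args) throws LdapException {
        BlockingConnectionPool pool = connectionPool(connectionConfig());
        pool.initialize();
        try {
            byte[] crl = fetchCrl(new PooledConnectionFactory(pool), searchExecutor());
            System.out.println(crl == null ? "no CRL found" : "fetched CRL of " + crl.length + " bytes");
        } finally {
            pool.close();
        }
    }
}
```

Building the objects in code is what the `ldaptive:connection-config` / `ldaptive:connection-pool` elements requested in this issue would generate for you; the programmatic form is useful for checking, in one place, that the TLS and bind settings the XML properties resolve to are the ones you intended before the pool starts opening connections.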

dfish3r commented Oct 10, 2015

Sounds like a feature request for a separate connection-config declaration.
Post what you think the ldaptive namespace XML should look like.

mmoayyed commented Oct 10, 2015

Example:

```xml
<ldaptive:connection-config id="provisioningConnectionConfig"
                            connectTimeout="${ldap.connectTimeout}"
                            useStartTLS="${ldap.useStartTLS: false}"
                            provider="org.ldaptive.provider.unboundid.UnboundIDProvider"
                            bindDn="${ldap.managerDn}"
                            bindCredential="${ldap.managerPassword}" />

<ldaptive:connection-pool id="connectionPool"
                          blockWaitTime="${ldap.pool.blockWaitTime}"
                          prunePeriod="${ldap.pool.prunePeriod}"
                          idleTime="${ldap.pool.idleTime}"
                          minPoolSize="${ldap.pool.minSize}"
                          maxPoolSize="${ldap.pool.maxSize}"
                          validateOnCheckOut="${ldap.pool.validateOnCheckout}"
                          validatePeriodically="${ldap.pool.validatePeriodically}"
                          validatePeriod="${ldap.pool.validatePeriod}" />

<ldaptive:search-executor id="searchExecutor" baseDn="${ldap.baseDn}"
                          filter="${ldap.searchfilter.cert}"
                          returnAttributes="${return.attributes:a,b,c}"
                          binaryAttributes="${binary.attributes:a,b,c}" />
```

mmoayyed commented Oct 10, 2015

I would presume this is a pretty non-intrusive change, so hopefully it could be included in a 1.1.1 type of release. I am scanning the rest of the docs to see what else may prove useful.

mmoayyed commented Oct 10, 2015

I looked at the CAS SPNEGO config and it pretty much uses the same approach as above to figure out the LDAP attribute required for SPNEGO activation. So what I outlined above should be sufficient for both X.509 and SPNEGO authN in CAS at least.

dfish3r added a commit that referenced this issue Dec 1, 2015

tduehr commented Jan 5, 2016

Take a look at #62. I did a bunch of stuff like that there. Most of these classes probably only need to inherit from AbstractSimpleBeanDefinitionParser.

mmoayyed commented Jan 17, 2016

@dfish3r Judging by that commit, I assume this is almost ready?

dfish3r commented Jan 26, 2016

It's close. I'm putting aside my frustration at not being able to support this use case directly with the API.

dfish3r added a commit that referenced this issue Jan 27, 2016

Fix for #56.
Add support for connection-config and connection-pool.
Change protected parse methods to optionally accept a builder.

mmoayyed commented Feb 12, 2016

@dfish3r Is it possible to configure a retry behavior via namespaces? I fail to see an option that would allow me to configure retries and wait times between retries. It appears that by default, some form of retry is activated, but it would also be good to have control over that setting.

dfish3r commented Mar 15, 2016

It is possible to configure retry for LDAP operations (search, bind, etc.).
File a separate issue for that functionality.

@dfish3r dfish3r closed this Mar 15, 2016
