Posted to user@shiro.apache.org by David Quiroga <qu...@gmail.com> on 2018/01/08 18:33:19 UTC

Re: LDAPS Connection Pooling

Been doing some research...

Findings:

org.apache.shiro.realm.ldap.JndiLdapContextFactory.java
isPoolingEnabled() and setPoolingEnabled()

* However, pooling will only actually be enabled if this property is {@code true} <em>and</em> the connection
* being created is for the {@link #getSystemUsername() systemUsername} user. Connection pooling is not used for
* general authentication attempts by application end-users because the probability of re-use for that same
* user-specific connection after an authentication attempt is extremely low.

So connection pooling only applies to the systemUsername/AD bind user.

I didn't see that the protocol was changed to include SSL inside the code,
but there was a reference to https://issues.apache.org/jira/browse/SHIRO-305
in a test case which involves the protocol setting.

Conclusion:
If the systemUsername is running many searches the property should probably
be updated.
Don't have any strong evidence that anything should be changed from the
default.

But here is another article
involving com.sun.jndi.ldap.connect.pool.protocol
https://support.ca.com/us/knowledge-base-articles.TEC546653.html



On Wed, Dec 27, 2017 at 10:48 AM, David Quiroga <qu...@gmail.com>
wrote:
>
> Hello
>
> The default value of com.sun.jndi.ldap.connect.pool.protocol is plain, meaning that "SSL" connections are not pooled.
>
> https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html
>
> It seems like Shiro relies on com.sun.jndi.ldap in some cases.
>
> Does anyone know if Shiro, when connection pooling is enabled, will also pool "SSL" connections or will it rely on the default?
>
> Hope that makes sense. Please let me know if clarification is needed.
>
> Thank you for your time.
> -David
>
>
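
Added example (not part of the original message and not Shiro project code): one way to make the system-user LDAPS connections eligible for JNDI pooling and to confirm it from the pool's debug trace, assuming shiro-core is on the classpath. The host name, bind DN, LDAP_BIND_PASSWORD variable, class name and poolAllows helper are hypothetical; poolAllows mirrors the documented property rule for ldap:// and ldaps:// URLs only, not the JDK's internal check.

```java
import java.util.Arrays;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;

public class LdapsPoolingCheck {
    static final String POOL_PROTOCOL = "com.sun.jndi.ldap.connect.pool.protocol";
    static final String POOL_DEBUG = "com.sun.jndi.ldap.connect.pool.debug";

    // Hypothetical helper: applies the documented rule that the property is a
    // space-separated list of "plain" and/or "ssl", defaulting to "plain".
    static boolean poolAllows(String url) {
        String kind = url.toLowerCase().startsWith("ldaps:") ? "ssl" : "plain";
        String allowed = System.getProperty(POOL_PROTOCOL, "plain");
        return Arrays.asList(allowed.trim().split("\\s+")).contains(kind);
    }

    public static void main(String[] args) throws NamingException {
        String url = "ldaps://ldap.example.com:636"; // placeholder host
        System.out.println("default allows LDAPS pooling: " + poolAllows(url));

        // These are JVM-wide system properties, read once when the LDAP pool
        // initializes, so set them before the first LDAP context is created
        // (or pass them as -D options at JVM start).
        System.setProperty(POOL_PROTOCOL, "plain ssl");
        System.setProperty(POOL_DEBUG, "fine"); // trace pool activity to stderr
        System.out.println("after change: " + poolAllows(url));

        JndiLdapContextFactory factory = new JndiLdapContextFactory();
        factory.setUrl(url);
        factory.setSystemUsername("cn=shiro-bind,ou=svc,dc=example,dc=com"); // placeholder DN
        factory.setSystemPassword(System.getenv("LDAP_BIND_PASSWORD"));
        factory.setPoolingEnabled(true); // only affects the systemUsername context

        // Optional live check against a real server: open and close the system
        // context twice and read the pool trace to see whether the second
        // request reuses the first connection.
        if (args.length > 0 && args[0].equals("--connect")) {
            for (int i = 0; i < 2; i++) {
                LdapContext ctx = factory.getSystemLdapContext();
                ctx.close(); // hands a pooled connection back to the pool
            }
        }
    }
}
```

Because the property is JVM-wide, widening it to "plain ssl" affects every JNDI LDAP client in the same process, not only the Shiro realm.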