每次从Ldap连接池返回新连接时
我已经在我的项目中实现了LDAP连接池,并注意到一个奇怪的行为,每次新连接请求到来时,我配置的LDAP连接池都返回新连接,而不是重新使用返回池的现有连接。
LDAP JNDI日志 :
00:07:10,824 ERROR [stderr] (IPAdminGlobalDataReloader) Create and use com.sun.jndi.ldap.LdapClient@46728c0f[eun2p3-be.stp-qa.st.com:636] 00:07:12,222 ERROR [stderr] (IPAdminGlobalDataReloader) Release com.sun.jndi.ldap.LdapClient@46728c0f 00:07:46,704 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@674b68bd expired 00:08:46,707 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@46728c0f expired 00:22:26,329 ERROR [stderr] (IPAdminGlobalDataReloader) Create com.sun.jndi.ldap.LdapClient@386bfda[eun2p3-be.stp-qa.st.com:636] 00:22:26,333 ERROR [stderr] (IPAdminGlobalDataReloader) Create and use com.sun.jndi.ldap.LdapClient@6d9f3716[eun2p3-be.stp-qa.st.com:636] 00:22:27,748 ERROR [stderr] (IPAdminGlobalDataReloader) Release com.sun.jndi.ldap.LdapClient@6d9f3716 00:22:46,730 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@386bfda expired 00:23:46,734 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@6d9f3716 expired 00:37:45,242 ERROR [stderr] (IPAdminGlobalDataReloader) Create com.sun.jndi.ldap.LdapClient@4a21c217[eun2p3-be.stp-qa.st.com:636] 00:37:45,244 ERROR [stderr] (IPAdminGlobalDataReloader) Create and use com.sun.jndi.ldap.LdapClient@1b79ab6f[eun2p3-be.stp-qa.st.com:636] 00:37:46,759 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@4a21c217 expired 00:37:46,823 ERROR [stderr] (IPAdminGlobalDataReloader) Release com.sun.jndi.ldap.LdapClient@1b79ab6f 00:39:46,764 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@1b79ab6f expired 00:53:00,864 ERROR [stderr] (IPAdminGlobalDataReloader) Create com.sun.jndi.ldap.LdapClient@668fc34[eun2p3-be.stp-qa.st.com:636] 00:53:00,865 ERROR [stderr] (IPAdminGlobalDataReloader) Create and use com.sun.jndi.ldap.LdapClient@4674a7fb[eun2p3-be.stp-qa.st.com:636] 00:53:02,392 ERROR [stderr] (IPAdminGlobalDataReloader) Release com.sun.jndi.ldap.LdapClient@4674a7fb 00:53:46,787 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@668fc34 expired 00:54:46,791 ERROR [stderr] (Thread-65) Expired com.sun.jndi.ldap.LdapClient@4674a7fb expired 我的连接设置:
Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldaps://" + server + ":" + serverPort); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, pUserName); env.put(Context.SECURITY_CREDENTIALS, pPassword); env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory"); env.put(Context.SECURITY_PROTOCOL, "ssl"); env.put("com.sun.jndi.ldap.read.timeout", "300000"); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); // load the location of keystore that holds trusted root certificates from web.xml ServletContext context = ApplicationServlet.getApplication().getServlet().getServletContext(); String certificatePath = context.getInitParameter("AD_CERTIFICATE_PATH"); System.setProperty("javax.net.ssl.trustStore", certificatePath); // System.setProperty("javax.net.debug", "all"); // For connection pooling env.put("com.sun.jndi.ldap.connect.pool", "true"); System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl"); System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", poolMaxSize); System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", poolPrefSize); System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", poolTimeOut); System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "fine"); ctx = new InitialDirContext(env); return (DirContext) ctx;
感谢您确定根本原因在哪里,为什么每次创建新连接而不是重用。
您尚未实现任何连接池,您正在使用来自Sun的损坏的DirContext连接池。 这是不鼓励的。 看一下Spring LDAP的ContextSource池。 它工作得很好。
- 如何配置JDBC连接以使用与当前用户不同的AD用户?
- 密码的SPNEGO身份validation问题
- 使用JAAS LdapLoginModule通过ActiveDirectory进行身份validation时遇到FailedLoginException
- 在尝试使用unboundid LDAP SDK更改scala中的密码时,如何解决“WILL_NOT_PERFORM”MS AD回复?
- 如何使用Spring Security对Active Directory服务器进行身份validation?
- 使用LDAP / Java启用Active Directory用户
- 将Ldap用户与使用Java的组关联
- 用户解锁后,Windows机器上的Kerberos缓存票证无法重新生成
- 使用Spnego解密kerberos票