Awesome, we were worried about just this scenario (ran into similar issues with other interactions with external services). We pick up artifacts via Maven. Any ideas when we will have a public release with this fix? Thanks again
I use the inMemoryLdapServer for some unit tests and call shutdown on them when done. In 4.0.7, it was fine but upgrading to 4.0.11 detects a thread leak of "Write Timeout Handler Timer". What is the best way to shut it down? Thanks @dirmgr
I'm using a FastestConnectServerSet for my LDAP connection pool. Suppose I have a pool with initialConnections=1, maxConnections=10 and total #servers=20. How many active TCP connections would I see when there is little to no LDAP traffic? I expect 1 TCP + 20 temporary probes but I seem to see way too many TCP connections. On a controlled setup, I only see 1 TCP connection but don't have visibility into when it grows. Thanks again.
May I request that you add the above description to the documentation? Very helpful (the caveats)
Thanks much; that is extremely helpful. So, if I remove schema caching, then I will pay for it in increased network traffic with the same functionality?
I create a connectionpool with initialConnections=1 and maxConnections=numberOfServersInPool. Taking a Java heap dump, each pool seems to take about 14MB for pool, 79MB for Schema and 12MB for healthCheck. Is there any way I can reduce this memory footprint? I do set these options; should I remove them? connectionOptions.setUseSchema(true) connectionOptions.setUsePooledSchema(true)
Thanks Neil. This was specifically to Active Directory but could be any server. I was afraid that I'd have to do what you suggested (because calling search on the connectionpool would've let you internally deal with the particular server going down rather than me dealing with it).
I'm doing something like this: connectionPool.search("dc=example,dc=com", SearchScope.SUB, "(uid=john.doe)"); Except, in this deployment, I get a different result, seemingly when I talk to different servers in the pool. Something is not synchronized I suppose. How do I find the server that performed my search? I suppose I can do a connectionPool.getConnection(). Is there another way? Thanks much
Thanks
I use the FastestConnectServerSet. Periodically I create a new connection pool and let the old one be garbage collected by JVM. Should I explicitly close() the unused connection pools? Thanks
Thanks much. ActiveDirectory does not have entryUUID or nsuniqueid and so I presumed that it would just search on objectGUID. Will try with the unboundid ldapsearch.
I couldn't get much help from Microsoft folks as objectGUID is an indexed attribute and so searches ought to be fast. They suspect Java client issues? I am searching an AD server using a Java LDAP client from Linux. On some AD setups, searching by objectGUID is extremely slow; at one of our customer's, it consistently takes 60+ seconds. Searching using search base of the GUID looks like it might be faster. Shouldn't objectGUID be an indexed attribute? Why would it be that slow? In another customer,...
I noticed that the release notes for the latest version of the SDK mentions a fix "Updated the support for passphrase-based encryption to work around an apparent JVM bug in the support for some MAC algorithms that could cause them to create an incorrect MAC.". By any chance, could these be related?
I'm using the same Java code and credentials with SASL-DigestMD5. On a system where it usually works fine, sometimes I get "resultCode=49 (invalid credentials), diagnosticMessage='8009030C: LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 52e, v2580^@', ldapSDKVersion=4.0.4, revision=27051". That looks like a valid error message except the credentials I entered used to work. The LDAP server is an ActiveDirectory. During these intervals, even ldapsearch fails. Any hints on why DigestMD5...
All my entryUUIDs from the inMemoryLdapServer are 0's. Tried to create a random one using addRequest.setControls(new IgnoreNoUserModificationRequestControl(true)); addRequest.addAttribute("entryUUID", UUID.randomUUID.toString) This call succeeds though I still get 0's. How do I make it return random UUIDs? Thanks much
Thanks Neil. I use a separate bindDN. I'm failing on search. Tried to search with baseDN of cn=... part, scope=BASE and the search finds nothing (no errors either).
I would like to get more info for a given DN (I actually got it by searching my InMemoryServer). So, I search the InMemoryServer with searchScope of BASE, baseDn of my DN and I get an exception: LDAPException(resultCode=32 (no such object), numEntries=0, numReferences=0, diagnosticMessage='Unable to perform the search because base entry 'dn:cn=user1,ou=People,dc=example,dc=com' does not exist in the server.', matchedDN='ou=People,dc=example,dc=com', ldapSDKVersion=4.0.7, revision=28484') I populated...
Ahh, that helped. Thanks much Neil
I have setFollowReferrals(true) on my search request. I am getting an LDAPException where the result code is ResultCode.REFERRAL. Yet, .getReferralURLs() on the exception returns an empty Array[String]. What am I doing wrong? How do I get the actual referral (or why didn't the setFollowReferrals process this)? Thanks much
Thanks Jim Willeke, it was the last scenario; not a subdomain. I do have two way trust between these domains. What good is it if I cannot search ;-(
Thanks for all the great work with the LDAP SDK. Not an LDAP question per se, I use whoami extension and on ActiveDirectory, I get it in netbios domain\sAMAccountName format. Usually I get example\user. When the user is in a different domain, I get eng\user (where eng is probably eng.example.com). How do you look up this user using LDAP commands? I cannot search using sAMAccountName. Thanks much
Thanks for the detailed response. I was afraid of that but that makes sense; in some of the complex/broken setups, there are LDAP and LDAPS for the same domain. Some of the LDAP servers advertise StartTLS. Some of those fail to actually switch. I would like to prioritize them and so looks like my own ServerSet is the way to go. Will look at other implementations for guidance. Thanks much
I have a weird setup where we have LDAP and LDAPS servers responding to SRV records. How can I use them appropriately (SSL for LDAPS)? Also, some of the LDAP servers support StartTLS. Is it possible to define a beast that does SSL (for LDAPS), checks whether StartTLS is supported and if so uses it or not? If this is not possible, can I resolve the servers separately and use say FastestConnectServerSet() where some servers are LDAPS and others are not? Is there another way to implement this with connection...