opendev/gerrit
Code Issues Proposed changes

Fix LDAP connection pool configuration.

Browse Source 
Commit cd04bbc1 introduced LDAP connection pooling but it made a wrong
assumption that connection pool settings can be provided as env
variables.

According to [1] and also [2] the LDAP connection pool configuration is
done via JVM system properties. Only "com.sun.jndi.ldap.connect.pool" is
specified as an env variable.

[1] http://docs.oracle.com/javase/7/docs/technotes/guides/jndi/jndi-ldap.html#POOL
[2] http://stackoverflow.com/questions/22411967/which-ldap-jndi-provider-pool-settings-are-system-properties-and-which-are-envi

Change-Id: I71eb1934a23d658a1801afcd125895c59b69581e
This commit is contained in:
Saša Živkov
2015-01-19 17:04:43 +01:00
committed by Edwin Kempin
parent 303701adaa
commit 5049f5123b
2 changed files with 20 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
Documentation/config-gerrit.txt
View File

@@ -2505,64 +2505,22 @@ etc...
+ +
By default there is no timeout and Gerrit will wait indefinitely. By default there is no timeout and Gerrit will wait indefinitely.
[[ldap.poolAuthentication]]ldap.poolAuthentication:: [[ldap-connection-pooling]]
+ ==== LDAP Connection Pooling
_(Optional)_ A list of space-separated authentication types of Once LDAP connection pooling is enabled by setting the link:#ldap.useConnectionPooling[
connections that may be pooled. Valid types are "none", "simple", ldap.useConnectionPooling] configuration property to `true`, the connection pool
and "DIGEST-MD5". can be configured using JVM system properties as explained in the
+ link:http://docs.oracle.com/javase/7/docs/technotes/guides/jndi/jndi-ldap.html#POOL[
Default is "none simple". Java SE Documentation].
[[ldap.poolDebug]]ldap.poolDebug:: For standalone Gerrit (running with the embedded Jetty), JVM system properties
+ are specified in the link:#container[container section]:
_(Optional)_ A string that indicates the level of debug output
to produce. Valid values are "fine" (trace connection creation
and removal) and "all" (all debugging information).
[[ldap.poolInitsize]]ldap.poolInitsize:: ----
+ javaOptions = -Dcom.sun.jndi.ldap.connect.pool.maxsize=20
_(Optional)_ The string representation of an integer that javaOptions = -Dcom.sun.jndi.ldap.connect.pool.prefsize=10
represents the number of connections per connection identity javaOptions = -Dcom.sun.jndi.ldap.connect.pool.timeout=300000
to create when initially creating a connection for the identity. ----
+
Default is 1.
[[ldap.poolMaxsize]]ldap.poolMaxsize::
+
_(Optional)_ The string representation of an integer that
represents the maximum number of connections per connection
identity that can be maintained concurrently.
+
Default is 0, means that there is no maximum size: A request for
a pooled connection will use an existing pooled idle connection
or a newly created pooled connection.
[[ldap.poolPrefsize]]ldap.poolPrefsize::
+
_(Optional)_ The string representation of an integer that
represents the preferred number of connections per connection
identity that should be maintained concurrently.
+
Default is 0, means that there is no preferred size: A request
for a pooled connection will result in a newly created connection
only if no idle ones are available.
[[ldap.poolProtocol]]ldap.poolProtocol::
+
_(Optional)_ A list of space-separated protocol types of
connections that may be pooled. Valid types are "plain" and "ssl".
+
Default is "plain".
[[ldap.poolTimeout]]ldap.poolTimeout::
+
_(Optional)_ Specify how long an idle connection may remain
in the pool without being closed and removed from the pool.
+
The value is in the usual time-unit format like "1 s", "100 ms",
etc...
+
By default there is no timeout.
[[mimetype]] [[mimetype]]
=== Section mimetype === Section mimetype

42
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
View File

@@ -60,37 +60,6 @@ import javax.security.auth.login.LoginException;
@Singleton class Helper { @Singleton class Helper {
static final String LDAP_UUID = "ldap:"; static final String LDAP_UUID = "ldap:";
static private Map<String, String> getPoolProperties(Config config) {
if (LdapRealm.optional(config, "useConnectionPooling", false)) {
Map<String, String> r = Maps.newHashMap();
r.put("com.sun.jndi.ldap.connect.pool", "true");
String poolDebug = LdapRealm.optional(config, "poolDebug");
String poolTimeout = LdapRealm.optional(config, "poolTimeout");
r.put("com.sun.jndi.ldap.connect.pool.authentication",
LdapRealm.optional(config, "poolAuthentication", "none simple"));
if (poolDebug != null) {
r.put("com.sun.jndi.ldap.connect.pool.debug", poolDebug);
}
r.put("com.sun.jndi.ldap.connect.pool.initsize",
String.valueOf(LdapRealm.optional(config, "poolInitsize", 1)));
r.put("com.sun.jndi.ldap.connect.pool.maxsize",
String.valueOf(LdapRealm.optional(config, "poolMaxsize", 0)));
r.put("com.sun.jndi.ldap.connect.pool.prefsize",
String.valueOf(LdapRealm.optional(config, "poolPrefsize", 0)));
r.put("com.sun.jndi.ldap.connect.pool.protocol",
LdapRealm.optional(config, "poolProtocol", "plain"));
if (poolTimeout != null) {
r.put("com.sun.jndi.ldap.connect.pool.timeout", Long
.toString(ConfigUtil.getTimeUnit(poolTimeout, 0,
TimeUnit.MILLISECONDS)));
}
return r;
}
return null;
}
private final Cache<String, ImmutableSet<String>> parentGroups; private final Cache<String, ImmutableSet<String>> parentGroups;
private final Config config; private final Config config;
private final String server; private final String server;
@@ -102,7 +71,7 @@ import javax.security.auth.login.LoginException;
private volatile LdapSchema ldapSchema; private volatile LdapSchema ldapSchema;
private final String readTimeoutMillis; private final String readTimeoutMillis;
private final String connectTimeoutMillis; private final String connectTimeoutMillis;
private final Map<String, String> connectionPoolConfig; private final boolean useConnectionPooling;
@Inject @Inject
Helper(@GerritServerConfig final Config config, Helper(@GerritServerConfig final Config config,
@@ -133,7 +102,8 @@ import javax.security.auth.login.LoginException;
connectTimeoutMillis = null; connectTimeoutMillis = null;
} }
this.parentGroups = parentGroups; this.parentGroups = parentGroups;
this.connectionPoolConfig = getPoolProperties(config); this.useConnectionPooling =
LdapRealm.optional(config, "useConnectionPooling", false);
} }
private Properties createContextProperties() { private Properties createContextProperties() {
@@ -150,14 +120,14 @@ import javax.security.auth.login.LoginException;
if (connectTimeoutMillis != null) { if (connectTimeoutMillis != null) {
env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMillis); env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMillis);
} }
if (useConnectionPooling) {
env.put("com.sun.jndi.ldap.connect.pool", "true");
}
return env; return env;
} }
DirContext open() throws NamingException, LoginException { DirContext open() throws NamingException, LoginException {
final Properties env = createContextProperties(); final Properties env = createContextProperties();
if (connectionPoolConfig != null) {
env.putAll(connectionPoolConfig);
}
env.put(Context.SECURITY_AUTHENTICATION, authentication); env.put(Context.SECURITY_AUTHENTICATION, authentication);
env.put(Context.REFERRAL, referral); env.put(Context.REFERRAL, referral);
if ("GSSAPI".equals(authentication)) { if ("GSSAPI".equals(authentication)) {