
Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/334816/

Time: 2020-10-29 12:00:26  Source: igfitidea

How can I set up an LDAP connection pool in a Java EE Container?

Tags: java, spring, jakarta-ee, ldap, jndi

Asked by Nicholas Trandem

I need to put an LDAP contextSource into my Java EE container's JNDI tree so it can be used by applications inside the container.


I'm using Spring-LDAP to perform queries against ORACLE OVD. For development, I simply set up the contextSource in the Spring xml configuration file. For production, however, I need to be able to use a JNDI lookup to grab the connection/context from the container (as suggested here: http://forum.springframework.org/showthread.php?t=35122&highlight=jndi). I'm not allowed to have access to the URL/username/pwd for the production OVD instance, so that seems to rule out putting it in a jndi.properties file.


Ideally, I'd like to have a pool of connections (just like JDBC), as my application may have many LDAP queries executing at the same time. Grabbing the object from a JNDI lookup and injecting it into my SimpleLdapTemplate seems pretty straightforward, but I'm at a loss as to how to get the connection/context/pool into the JNDI tree. Would I need to construct it and package it into a RAR? If so, what are some options for letting the operations team specify the URL/username/pwd in a way that they are not accessible to the developers?


The specific container I'm using is OAS/OC4J, though I welcome strategies that have worked on other containers as well.


Answered by Nicholas

Specifically in reference to the actual pooling of LDAP connections, if you are using the built in JNDI LDAP provider, the connections are pooled already using semantics similar to JDBC data sources where separate pools are maintained for different LDAP URLs and security properties.


When creating a JNDI DirContext, configure the property com.sun.jndi.ldap.connect.pool to be true and pooling will be enabled.


There is more information on LDAP pooling here.


Details on configuring LDAP pooling are here.

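The pooling switch described in the answer above, as an added example that is not part of the original answer. It also shows the pool-wide settings of the JDK's LDAP provider, which are JVM system properties rather than per-context environment entries. The class name and the environment variable names `LDAP_URL`, `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` are hypothetical, standing in for whatever the operations team uses to supply the production values.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class PooledLdapContextExample {

    // Pool-wide settings must be system properties, set before the LDAP
    // provider is first used; they are ignored in the context environment.
    static void configurePool() {
        System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", "20");
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000"); // idle ms
        // Only "plain" connections are pooled by default; add "ssl" to pool ldaps:// too.
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        // Pool only the bind type the application uses (default is "none simple").
        System.setProperty("com.sun.jndi.ldap.connect.pool.authentication", "simple");
    }

    // Per-context environment; URL and credentials are passed in, never hard-coded.
    static Hashtable<String, String> buildEnv(String url, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.pool", "true"); // property named in the answer
        return env;
    }

    public static void main(String[] args) throws NamingException {
        configurePool();
        // Hypothetical variable names, set on the production host by operations.
        String url = System.getenv("LDAP_URL");
        String bindDn = System.getenv("LDAP_BIND_DN");
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (url == null || bindDn == null || password == null) {
            System.err.println("LDAP_URL, LDAP_BIND_DN and LDAP_BIND_PASSWORD must be set");
            return;
        }
        DirContext ctx = new InitialDirContext(buildEnv(url, bindDn, password));
        try {
            System.out.println(ctx.getAttributes("").size() + " attributes on the context entry");
        } finally {
            ctx.close(); // hands the connection back to the pool
        }
    }
}
```

Because separate pools are kept per LDAP URL and security properties, binding as many different principals creates many small pools; a single service account keeps one shared pool.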

Answered by Spencer Kormos

Any chance you can set up a dev version of LDAP and use that? Then you can use a jndi.properties file, which would be environment specific, but agnostic to your system.


Edit: the difference here is that when you build your app, your admin can deploy it to the production system, thereby protecting the precious ldap password as it only exists in the properties file on the production box.


Answered by Spencer Kormos

With jboss, you can federate external JNDI contexts into the JBoss server JNDI namespace. All you have to do is to describe the LDAP access in a MBean configuration file. You can also enable caching.


We're using this solution to access an Active Directory server.


http://www.jboss.org/community/docs/DOC-9726
