Versions Compared

Old Version 83

changes.mady.by.user v54drcgvfsbqetkh+fckh2isp54=@https://idp.gakunin.nii.ac.jp/idp/shibboleth

Saved on

compared with

New Version Current

changes.mady.by.user Daniel Fisher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Include connectionRetryExceptions when configuring a connectionStrategy

...

Code Block
titleExample JAAS config for two LDAP servers used for failover
ShibUserPassAuth {
  edu.vt.middleware.ldap.jaas.LdapLoginModule required
     ldapUrl="ldap://ldap1.example.org:636 ldap://ldap2.example.org:636"
     ssl="true"
     connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}{connectionRetryExceptions=javax.naming.CommunicationException}}"
     timeout="1000"
     baseDn="ou=users,dc=example,dc=org"
     subtreeSearch="true"
     userFilter="uid={0}"
     bindDn="<ldapservicedn>"
     bindCredential="<password>";
};

...

Code Block
     connectionHandler="edu.vt.middleware.ldap.handler.TlsConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}{connectionRetryExceptions=javax.naming.CommunicationException}}"

The test to make sure this works is to have all LDAP servers running, start up the IdP and then disconnect the first LDAP server. If authentication and attribute resolution still works without an unreasonable long delay.

...