About the LDAP Resource Adaptor

The LDAP resource adaptor lets you connect from a Rhino SLEE to LDAP servers, to search and retrieve directory entries.

Features include:

  • Asynchronous query API — exposes a resource adaptor type that provides an asynchronous API, in an OpenCloud namespace.

  • Graceful connection establishment — provides "graceful" connections to LDAP servers, which must successfully respond to N "poll" query operations (read-only queries on specific DNs), before being used for outgoing client requests ; keeps an LDAP server from being swamped with requests immediately after it (re)starts and begins accepting connections.

  • LDAP searches — lets you use the API to perform LDAP Search operations.

  • LDAP server groups — supports LDAP server groups.

Topics

This document includes the following topics:

Topic Explains how to…​

Configuring the LDAP Resource Adaptor

configure the resource adaptor using properties

Monitoring resource adaptor statistics

monitor statistics

More information

Configuring the LDAP Resource Adaptor

To configure the LDAP RA, you declare the following properties in its deployment descriptor:

Name Type Default Description

User

String

LDAP user to use for each connection

Password

String

LDAP password to use for each connection

Host

String

LDAP server group information to use for the connections

LDAPVersion

Integer

3

version of the protocol to use; can be 2 or 3

ConnectionTimeout

Integer

5

defines how long, in seconds, the RA should wait when trying to establish a TCP connection with a remote peer

QueryTimeout

Integer

2000

timeout, in milliseconds, for a specific query

MaxConnections

Integer

20

how many TCP connections the RA will hold open

MinConnections

Integer

10

how few TCP connections the RA will hold open (assuming the LDAP servers are reachable)

MaxQueueSize

Integer

MaxConnections*3

how many queued queries will wait for a thread pool thread before they execute

MaxQueueTime

Integer

5000

how long, in milliseconds, a query will wait in the queue before it executes

PollInterval

Integer

5000
time, in milliseconds, between polls on a new connection to an LDAP server (for the "graceful connection establishment" feature)

PollCount

Integer

2
how many successful polls before sending regular queries to the LDAP server (for the "graceful connection establishment" feature)

PollDN

String

null
LDAP DN to use for poll queries (for the "graceful connection establishment" feature)

PollSearchFilter

String

specify the LDAP search filter

PollSearchScope

String

specify the LDAP search scope

PollSuccessResultCodes

String

null
specify a list of result codes that should not be treated as poll failures. (for the "graceful connection establishment" feature)

IdleTimeout

Integer

0
how long, in milliseconds, to wait before closing idle connections 0 = do not close based on idle time

MaxQueriesPerConnection

Integer

0
how many queries a specific TCP connection can have before it closes 0 = do not close based on based on number of queries

LDAP server groups

LDAP server groups are sets of servers where one is a primary server, and the rest are backup servers. Queries go to the primary server if available, otherwise to the backup server(s). For multiple server groups, the RA balances queries are across groups.

You specify all LDAP server groups in a single string, white-space separated; and each server name may optionally contain a port number to use instead of the default LDAP port (389). For example:

Server group configuration What it specifies

server1:389

1 group of 1 server

server1:389,server2:589

2 groups, each with 1 server

server1 server2,server3

2 groups, 1 with a backup server (server2)

Monitoring resource adaptor statistics

The LDAP RA’s statistics are available under the parameter-set name LDAP-RA.ldap.Queries; so you can monitor them using this command:

$ rhino-stats -m LDAP-RA.ldap.Queries

Statistics parameter set

A list of statistics with descriptions can be displayed with the rhino-stats -l command:

Parameter Set: LDAP-RA.ldap.Queries
Parameter Set Type: ResourceAdaptorID[name=LDAP,vendor=OpenCloud,version=2.2].LDAPStats
Description: Statistics for the LDAP RA

Counter type statistics:
  Id: Name:              Label:       Description:
  0   availableThreads   availThrd    Current number of threads available to perform queries
  1   queries            queries      Number LDAP queries started by the RA
  2   successfulQueries  success      Number of successful LDAP queries
  3   failedQueries      failed       Number of failed LDAP queries
  4   rejectedQueries    reject       Number of search tasks that were rejected because the queue was full
  5   activeConnections  connections  Current number of active connections to the LDAP server
  6   queueSize          qsize        Current number of queued search tasks waiting to be executed
  7   queueTimeouts      timeouts     Number of search tasks that timed out waiting on the queue

Sample type statistics:
  Id: Name:          Label:     Description:
  8   queueWaitTime  qwait      Time spent by search tasks waiting in the queue
  9   connWaitTime   connwait   Time spent obtaining an LDAP connection from the pool
  10  queryTime      querytime  Time spent waiting for the search response

Resource Adaptor Type API

Note LDAP Resource Adaptor Type API Javadoc