Commit 6835d7e8 authored by Speedy's avatar Speedy Committed by Dave Cridland

Enabled LDAP Connection Pooling

See http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling

LDAP connection pooling is disabled when a custom SSL socket factory is used. The
custom socket factory was used to accept unsigned/untrusted/expired SSL certs. I
removed the use of the custom socket factory, and also added the system property,
previously missing, that is required to enable connection pooling when using SSL.
parent e0be4248
...@@ -495,8 +495,6 @@ public class LdapManager { ...@@ -495,8 +495,6 @@ public class LdapManager {
// SSL // SSL
if (sslEnabled) { if (sslEnabled) {
env.put("java.naming.ldap.factory.socket",
"org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl"); env.put(Context.SECURITY_PROTOCOL, "ssl");
} }
...@@ -523,6 +521,7 @@ public class LdapManager { ...@@ -523,6 +521,7 @@ public class LdapManager {
if (connectionPoolEnabled) { if (connectionPoolEnabled) {
if (!startTlsEnabled) { if (!startTlsEnabled) {
env.put("com.sun.jndi.ldap.connect.pool", "true"); env.put("com.sun.jndi.ldap.connect.pool", "true");
System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
} else { } else {
if (debug) { if (debug) {
// See http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html // See http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html
...@@ -566,7 +565,7 @@ public class LdapManager { ...@@ -566,7 +565,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite, get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */ peer certificate, etc. */
try { try {
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory()); SSLSession session = tls.negotiate();
context.setTlsResponse(tls); context.setTlsResponse(tls);
context.setSslSession(session); context.setSslSession(session);
...@@ -630,8 +629,6 @@ public class LdapManager { ...@@ -630,8 +629,6 @@ public class LdapManager {
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory); env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, getProviderURL(baseDN)); env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
if (sslEnabled) { if (sslEnabled) {
env.put("java.naming.ldap.factory.socket",
"org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl"); env.put(Context.SECURITY_PROTOCOL, "ssl");
} }
...@@ -687,7 +684,7 @@ public class LdapManager { ...@@ -687,7 +684,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite, get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */ peer certificate, etc. */
try { try {
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory()); SSLSession session = tls.negotiate();
ctx.setTlsResponse(tls); ctx.setTlsResponse(tls);
ctx.setSslSession(session); ctx.setSslSession(session);
...@@ -736,7 +733,6 @@ public class LdapManager { ...@@ -736,7 +733,6 @@ public class LdapManager {
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory); env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, getProviderURL(alternateBaseDN)); env.put(Context.PROVIDER_URL, getProviderURL(alternateBaseDN));
if (sslEnabled) { if (sslEnabled) {
env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
env.put(Context.SECURITY_PROTOCOL, "ssl"); env.put(Context.SECURITY_PROTOCOL, "ssl");
} }
...@@ -780,7 +776,7 @@ public class LdapManager { ...@@ -780,7 +776,7 @@ public class LdapManager {
get details of the negotiated TLS session: cipher suite, get details of the negotiated TLS session: cipher suite,
peer certificate, etc. */ peer certificate, etc. */
try { try {
SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory()); SSLSession session = tls.negotiate();
ctx.setTlsResponse(tls); ctx.setTlsResponse(tls);
ctx.setSslSession(session); ctx.setSslSession(session);
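Review bot: The added `System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl")` in the `connectionPoolEnabled` branch (hunk at -523) is a JVM-wide setting rather than a per-context `env` entry, and it appears to be written every time this code builds a context. As far as I know the JDK's LDAP pool manager reads the pool system properties once when it is first loaded, so a value set after the first LDAP context exists may be ignored, and the call also overrides any value an administrator passed with `-D`. Setting it once at startup and only when unset would avoid both, e.g. `if (System.getProperty("com.sun.jndi.ldap.connect.pool.protocol") == null) System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");`. Separately, with `SimpleSSLSocketFactory` removed from the three `sslEnabled` blocks and from the three `tls.negotiate()` calls, the server certificate is presumably validated against the JVM default trust store, so a comment there such as `// Default JSSE socket factory: the LDAP server certificate must chain to a CA in the JVM trust store` would tell operators with self-signed directory certificates what changed. The enclosing methods start and end outside the visible hunks.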