Actually, after some minutes later, client requests result in new BIND attempt. So the GF ldapRealm has a timeout, I wonder how to control this timeout.
Still, different client instances using the same authentication context seems to be the case. Glassfish bind w/ ldap and then caches the Principals, only retrieve user and groups info (not password until Principal times out).
LDAP access trace shows only ldapsearch:
conn=2203 op=4 msgId=5 - SRCH base="ou=users,dc=company,dc=com" scope=2 filter="(uid=clientuser)" attrs="dn"
conn=2203 op=5 msgId=6 - SRCH base="ou=users,dc=company,dc=com" scope=2 filter="(uniqueMember=uid=clientuser,ou=users,dc=company,dc=com)" attrs="cn"
conn=2203 op=6 msgId=7 - SRCH base="ou=users,dc=company,dc=com" scope=2 filter="(&(objectClass=groupofuniquenames)(objectClass=*groupofurls*))" attrs="cn memberURL objectClass javaSerializedData javaClassName javaFactory javaCodebase javaReferenceAddress javaClassNames javaremotelocation"
Julia
[Message sent by forum member 'zhang8572' (zhang8572_at_gmail.com)]
http://forums.java.net/jive/thread.jspa?messageID=384869