Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8217606

LdapContext#reconnect always opens a new connection

    Details

    • Subcomponent:
    • Resolved In Build:
      b10
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        ADDITIONAL SYSTEM INFORMATION :
        Behavior should be the same for all OS versions.

        A DESCRIPTION OF THE PROBLEM :
        The LdapContext#reconnect method allows LDAP clients to initiate an LDAP bind operation on the existing connection. Invoking this method should not open a new connection under those circumstances.

        The change in this commit: https://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/021b47694183
        adds a reconnect flag that does not discriminate, causing a new connection to be opened even in the case of performing a bind.

        I believe further analysis will show that the previous open connection is also orphaned, that is it does not get properly torn down.

        REGRESSION : Last worked in version 8u191

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        You will need an LDAP server and an entry on that server with ACLs that allow you to bind as that entry.
        Compile and execute the supplied source code, providing (3) command line arguments:
        1) the URL for the LDAP server
        2) the DN of the entry to bind as
        3) the password for the DN

        From a command line execute:
        java JndiReconnectBug ldap://my.ldap-server.domain 'uid=test,ou=account,dc=org,dc=domain' 'password'

        During the first sleep, examine the open connections from your host to the directory.
        (netstat is a common tool for this)
        During the second sleep, examine the open connections again


        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

        During the second sleep you will see the same connection that has performed an LDAP bind operation.

        ACTUAL -
        During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

        During the second sleep you will see the original connection and a new connection created by the call to reconnect.

        ---------- BEGIN SOURCE ----------
        import java.nio.charset.StandardCharsets;
        import java.util.Hashtable;
        import javax.naming.ldap.InitialLdapContext;

        public final class JndiReconnectBug
        {
          public static void main(String[] args) throws Exception {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.ldap.version", "3");
            env.put("java.naming.provider.url", args[0]);

            // open connection
            InitialLdapContext context = new InitialLdapContext(env, null);
            System.out.println("Check open connections");
            Thread.sleep(10000);

            // send bind request
            context.addToEnvironment("java.naming.security.authentication", "simple");
            context.addToEnvironment("java.naming.security.principal", args[1]);
            context.addToEnvironment("java.naming.security.credentials", args[2].getBytes(StandardCharsets.UTF_8));
            context.reconnect(null);
            System.out.println("Check open connections");
            Thread.sleep(10000);
          }
        }

        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        No work around found.


        FREQUENCY : always


          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  prappo Pavel Rappo
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: