JDK-8217606

LdapContext#reconnect always opens a new connection

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Behavior should be the same for all OS versions.

      A DESCRIPTION OF THE PROBLEM :
      The LdapContext#reconnect method allows LDAP clients to initiate an LDAP bind operation on the existing connection. Invoking this method should not open a new connection under those circumstances.

      The change in this commit: https://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/021b47694183
      adds a reconnect flag that does not discriminate, causing a new connection to be opened even in the case of performing a bind.

      I believe further analysis will show that the previous open connection is also orphaned; that is, it does not get properly torn down.

      REGRESSION : Last worked in version 8u191

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      You will need an LDAP server and an entry on that server with ACLs that allow you to bind as that entry.
      Compile and execute the supplied source code, providing (3) command line arguments:
      1) the URL for the LDAP server
      2) the DN of the entry to bind as
      3) the password for the DN

      From a command line execute:
      java JndiReconnectBug ldap://my.ldap-server.domain 'uid=test,ou=account,dc=org,dc=domain' 'password'

      During the first sleep, examine the open connections from your host to the directory.
      (netstat is a common tool for this)
      During the second sleep, examine the open connections again.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

      During the second sleep you will see the same connection that has performed an LDAP bind operation.

      ACTUAL -
      During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

      During the second sleep you will see the original connection and a new connection created by the call to reconnect.

      ---------- BEGIN SOURCE ----------
      import java.nio.charset.StandardCharsets;
      import java.util.Hashtable;
      import javax.naming.ldap.InitialLdapContext;

      public final class JndiReconnectBug
      {
        public static void main(String[] args) throws Exception {
          Hashtable<String, Object> env = new Hashtable<>();
          env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
          env.put("java.naming.ldap.version", "3");
          env.put("java.naming.provider.url", args[0]);

          // open connection
          InitialLdapContext context = new InitialLdapContext(env, null);
          System.out.println("Check open connections");
          Thread.sleep(10000);

          // send bind request
          context.addToEnvironment("java.naming.security.authentication", "simple");
          context.addToEnvironment("java.naming.security.principal", args[1]);
          context.addToEnvironment("java.naming.security.credentials", args[2].getBytes(StandardCharsets.UTF_8));
          context.reconnect(null);
          System.out.println("Check open connections");
          Thread.sleep(10000);
        }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      No workaround found.


      FREQUENCY : always
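
The connection check in the reproduction steps can be scripted by comparing two `netstat` snapshots, one per sleep. This is an added example, not part of the original report; it assumes Linux `netstat -tn` output, the function names are hypothetical, and the sample snapshots are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes Linux net-tools
# `netstat -tn` column layout and a numeric peer such as 192.0.2.20:389.

# Local endpoints of ESTABLISHED TCP connections to peer $1; netstat on stdin.
ldap_conns() {
  awk -v peer="$1" \
    '$1 ~ /^tcp/ && $5 == peer && $6 == "ESTABLISHED" { print $4 }' | sort
}

# classify_reconnect FIRST SECOND PEER
#   reused   - same socket(s) in both snapshots (the EXPECTED behavior)
#   extra    - original socket still open plus a new one (the ACTUAL behavior)
#   replaced - only new socket(s); the original was closed
#   unknown  - no connection to PEER in the second snapshot
classify_reconnect() {
  before=$(printf '%s\n' "$1" | ldap_conns "$3")
  after=$(printf '%s\n' "$2" | ldap_conns "$3")
  kept=0 new=0
  for ep in $after; do
    if printf '%s\n' "$before" | grep -Fxq -- "$ep"; then
      kept=$((kept + 1))
    else
      new=$((new + 1))
    fi
  done
  if [ "$new" -eq 0 ] && [ "$kept" -gt 0 ]; then echo reused
  elif [ "$new" -gt 0 ] && [ "$kept" -gt 0 ]; then echo extra
  elif [ "$new" -gt 0 ]; then echo replaced
  else echo unknown
  fi
}

# Constructed sample snapshots (documentation addresses, not real captures).
SAMPLE_FIRST='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:51834        192.0.2.20:389          ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.99:40022        ESTABLISHED'
SAMPLE_SECOND='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:51834        192.0.2.20:389          ESTABLISHED
tcp        0      0 192.0.2.10:51840        192.0.2.20:389          ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.99:40022        ESTABLISHED'

# Live use: first=$(netstat -tn) during the first sleep, second=$(netstat -tn)
# during the second, then: classify_reconnect "$first" "$second" <ip>:389
classify_reconnect "$SAMPLE_FIRST" "$SAMPLE_SECOND" 192.0.2.20:389
```

Because `-n` prints numeric addresses, the peer argument must be the server's IP and port rather than its hostname.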


              People

              • Assignee: vtewari Vyom Tewari
              • Reporter: webbuggrp Webbug Group