• Bug
    • Resolution: Not a bug
    • Medium
    • None
    • 2.5.4
    • None
    • Confluence 2.5.4 Standalone, Windows 2003 Server

      When LDAP connection pooling is configured, the individual LDAP binds that verify a user's ID/password do not utilize the LDAP connection pool. Instead, a new connection is created and terminated directly after the LDAP bind is attempted. Here is an example LDAP trace showing the connection pool start up and the new connection(s) created for the user's bind attempt.

      Creating Connection Pool of 10 LDAP connections
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97000 from 172.20.240.95:1840, monitor = 0x73, index = 7
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97540 from 172.20.240.95:1841, monitor = 0x73, index = 8
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97620 from 172.20.240.95:1842, monitor = 0x73, index = 9
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97700 from 172.20.240.95:1844, monitor = 0x73, index = 10
      [2007/07/16 15:31:17] New cleartext connection 0x9ea977e0 from 172.20.240.95:1843, monitor = 0x73, index = 11
      [2007/07/16 15:31:17] New cleartext connection 0x9ea979a0 from 172.20.240.95:1845, monitor = 0x73, index = 13
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97a80 from 172.20.240.95:1846, monitor = 0x73, index = 14
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97b60 from 172.20.240.95:1847, monitor = 0x73, index = 15
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97c40 from 172.20.240.95:1848, monitor = 0x73, index = 16
      [2007/07/16 15:31:17] New cleartext connection 0x9ea97d20 from 172.20.240.95:1849, monitor = 0x73, index = 17
      
      Using the first connection of the connection pool for operations with the application's bind ID
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0001:0x60) DoBind on connection 0x9ea97000
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0001:0x60) Bind name:cn=bindid,o=base, version:3, authentication:simple
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ea97000
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0001:0x60) Operation 0x1:0x60 on connection 0x9ea97000 completed in 0 seconds
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0002:0x63) DoSearch on connection 0x9ea97000
      [2007/07/16 15:31:17] (172.20.240.95:1840)(0x0002:0x63) Search request:
      
      User logs in and a new connection is created to bind as the user, even though there are still 9 unused connections in the connection pool
      [2007/07/16 15:31:33] New cleartext connection 0x9ea97ee0 from 172.20.240.95:1850, monitor = 0x73, index = 19
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0001:0x60) DoBind on connection 0x9ea97ee0
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0001:0x60) Bind name:cn=testuser,ou=USERS,o=base, version:3, authentication:simple
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ea97ee0
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0001:0x60) Operation 0x1:0x60 on connection 0x9ea97ee0 completed in 0 seconds
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0002:0x63) DoSearch on connection 0x9ea97ee0
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0002:0x63) Search request:
      .....
      [2007/07/16 15:31:33] (172.20.240.95:1850)(0x0002:0x63) Operation 0x2:0x63 on connection 0x9ea97ee0 completed in 0 seconds
      
      First connection of the LDAP connection pool is used again for subsequent searches by the application bind ID
      [2007/07/16 15:31:33] (172.20.240.95:1840)(0x0009:0x63) DoSearch on connection 0x9ea97000
      [2007/07/16 15:31:33] (172.20.240.95:1840)(0x0009:0x63) Search request:
      ...
      
      "Extra" connection created for the user bind is closed with a TCP Reset, which causes the LDAP server to close the connection with an error
      [2007/07/16 15:31:46] Monitor 0x73 found connection 0x9ea85ee0 socket closed, err = -5871, 0 of 0 bytes read
      [2007/07/16 15:31:46] Monitor 0x73 initiating close for connection 0x9ea85ee0
      [2007/07/16 15:31:46] Server closing connection 0x9ea85ee0, socket error = -5871
      [2007/07/16 15:31:46] Connection 0x9ea85ee0 closed
      

      My guess would be that the function that verifies the user's password does not utilize the LDAP connection pool and simply creates a new connection itself.

              Unassigned
              stephenmorad Stephen Morad
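
The correlation the report does by eye can be automated. The following is an added example, not part of the original report or of Confluence: it parses a trace in the format shown above and separates idle pool connections, connections bound as the application's bind ID, and connections opened only to bind as a user. The sample trace, the function names and the `service_dn` parameter are constructed for illustration.

```python
import re

# Constructed sample in the trace format shown in the report (addresses and ids are made up).
SAMPLE_TRACE = """\
[2007/07/16 15:31:17] New cleartext connection 0xa0000010 from 192.0.2.10:4000, monitor = 0x73, index = 7
[2007/07/16 15:31:17] New cleartext connection 0xa0000020 from 192.0.2.10:4001, monitor = 0x73, index = 8
[2007/07/16 15:31:17] New cleartext connection 0xa0000030 from 192.0.2.10:4002, monitor = 0x73, index = 9
[2007/07/16 15:31:17] (192.0.2.10:4000)(0x0001:0x60) Bind name:cn=bindid,o=base, version:3, authentication:simple
[2007/07/16 15:31:33] New cleartext connection 0xa0000040 from 192.0.2.10:4003, monitor = 0x73, index = 19
[2007/07/16 15:31:33] (192.0.2.10:4003)(0x0001:0x60) Bind name:cn=testuser,ou=USERS,o=base, version:3, authentication:simple
"""

NEW_CONN = re.compile(r"^\[(?P<ts>[^\]]+)\] New (?P<transport>\w+) connection (?P<id>0x[0-9a-f]+) from (?P<peer>[\d.]+:\d+),")
BIND = re.compile(r"^\[[^\]]+\] \((?P<peer>[\d.]+:\d+)\)\([^)]*\) Bind name:(?P<dn>.*), version:\d+, authentication:(?P<auth>\w+)")

def parse_trace(text):
    """Map each client endpoint (ip:port) to its connection record and the binds seen on it."""
    conns = {}
    for line in text.splitlines():
        line = line.strip()
        m = NEW_CONN.match(line)
        if m:
            # Keyed by ip:port because operation lines carry the endpoint, not the handle.
            conns[m["peer"]] = {"id": m["id"], "opened": m["ts"],
                                "transport": m["transport"], "binds": []}
            continue
        m = BIND.match(line)
        if m and m["peer"] in conns:
            conns[m["peer"]]["binds"].append((m["dn"], m["auth"]))
    return conns

def classify(conns, service_dn):
    """Group endpoints: never bound, bound only as service_dn, or bound as some other DN."""
    report = {"idle": [], "service": [], "user_bind": [], "cleartext_simple": []}
    for peer, conn in conns.items():
        dns = [dn.lower() for dn, _ in conn["binds"]]
        if not dns:
            report["idle"].append(peer)
        elif all(dn == service_dn.lower() for dn in dns):
            report["service"].append(peer)
        else:
            report["user_bind"].append(peer)
        # A simple bind on a cleartext connection carries the password unencrypted.
        if conn["transport"] == "cleartext" and any(a == "simple" for _, a in conn["binds"]):
            report["cleartext_simple"].append(peer)
    return report
```

Endpoints are used as keys, so a trace long enough for the client to reuse an ephemeral port would need the timestamp added to the key.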