Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5514

Delegated LDAP only have a single LDAP connection per user without timeout

    XMLWordPrintable

Details

    Description

      Issue Summary

      When Bitbucket configured with Delegated LDAP connection, Bitbucket HTTP connection only have a single LDAP connection per user to LDAP server without timeout causing all HTTP connections loading non-stop during login

      Steps to Reproduce

      1. Configure Bitbucket with Delegated LDAP connection at Administration >> User Directories >> Add Directory >> Internal with LDAP Authentication
      2. Create a user in Bitbucket Server with a LDAP username
      3. Login with Delegated LDAP user to confirm that it is working fine
      4. Shutdown LDAP server (port 10389) and start another application with the same port
      5. Login with the same Delegated LDAP user
      6. Shutdown the application that use the port 10389
      7. Start LDAP server (port 10389)
      8. Login with the same Delegated LDAP user in multiple browsers

      Expected Results

      Step 4 will load non-stop while step 7 will succeed

      Actual Results

      All login attempt loading non-stop.
      Thread dump shows only a single LDAP connection from HTTP thread:

      "http-nio-7990-exec-4" #22 daemon prio=5 tid=0x00007ff16f7a1000 nid=0x7d03 in Object.wait() [0x000070000ebad000]
         java.lang.Thread.State: WAITING (on object monitor)
      	at java.lang.Object.wait(Native Method)
      	at java.lang.Object.wait(Object.java:502)
      	at com.sun.jndi.ldap.Connection.readReply(Connection.java:476)
      	- locked <0x000000078f1a05e8> (a com.sun.jndi.ldap.LdapRequest)
      	at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
      	- locked <0x000000078f1a0780> (a com.sun.jndi.ldap.LdapClient)
      	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
      	- locked <0x000000078f1a0780> (a com.sun.jndi.ldap.LdapClient)
      	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
      	at com.sun.jndi.ldap.LdapCtx. (LdapCtx.java:319)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      	at javax.naming.InitialContext.init(InitialContext.java:244)
      	at javax.naming.ldap.InitialLdapContext. (InitialLdapContext.java:154)
      	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
      	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
      	at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
      	at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:174)
      	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
      	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$10.timedCall(SpringLdapTemplateWrapper.java:354)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$10.timedCall(SpringLdapTemplateWrapper.java:351)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:146)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:351)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.searchWithLimitedResults(SpringLdapTemplateWrapper.java:399)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:518)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:479)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:715)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:664)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:650)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.authenticate(SpringLDAPConnector.java:1165)
      	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:171)
      	at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:317)
      	at com.atlassian.stash.internal.crowd.CustomizedDirectoryManager.authenticateUser(CustomizedDirectoryManager.java:52)
      

      All other HTTP threads in waiting status:

      "http-nio-7990-exec-7" #25 daemon prio=5 tid=0x00007ff1704f1000 nid=0x8303 waiting on condition [0x000070000eeba000]
         java.lang.Thread.State: WAITING (parking)
      	at sun.misc.Unsafe.park(Native Method)
      	- parking to wait for  <0x000000078f1a0e80> (a com.atlassian.util.concurrent.ConcurrentOperationMapImpl$CallerRunsFuture)
      	at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
      	at java.util.concurrent.FutureTask.awaitDone(FutureTask.java:429)
      	at java.util.concurrent.FutureTask.get(FutureTask.java:191)
      	at com.atlassian.util.concurrent.ConcurrentOperationMapImpl$CallerRunsFuture.get(ConcurrentOperationMapImpl.java:65)
      	at com.atlassian.util.concurrent.ConcurrentOperationMapImpl.runOperation(ConcurrentOperationMapImpl.java:51)
      	at com.atlassian.stash.internal.crowd.RiotPolice.authenticate(RiotPolice.java:132)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
      	at com.atlassian.stash.internal.plugin.OsgiSafeProxyProvider$1.invoke(OsgiSafeProxyProvider.java:95)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
      	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
      	at com.sun.proxy.$Proxy1773.authenticate(Unknown Source)
      	at com.atlassian.stash.internal.auth.EmbeddedCrowdHttpAuthenticationHandler.authenticate(EmbeddedCrowdHttpAuthenticationHandler.java:51)
      	at com.atlassian.bitbucket.auth.HttpAuthenticationHandler.performAuthentication(HttpAuthenticationHandler.java:88)
      	at com.atlassian.stash.internal.auth.DefaultAuthenticationService.lambda$authenticateInternal$2(DefaultAuthenticationService.java:158)
      	at com.atlassian.stash.internal.auth.DefaultAuthenticationService$$Lambda$548/429571195.perform(Unknown Source)
      	at com.atlassian.stash.internal.auth.DefaultCaptchaService.authenticateWithCaptcha(DefaultCaptchaService.java:72)
      

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              klfoong Foong (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: