diff options
author | Jiang Xin <worldhello.net@gmail.com> | 2015-01-07 15:09:54 +0800 |
---|---|---|
committer | Claudio Pacchiega <claudio.pacchiega@gmail.com> | 2016-06-10 21:15:24 +0000 |
commit | 466ff564688418f24472d707cb1a41a65538720e (patch) | |
tree | 3f1cb476739db9ecc285f0a3dbb68bcaecec097f | |
parent | f15ff1a487c6c19381222292294f425c851b75aa (diff) |
Resource exhausted because of unclosed LDAP connection
When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap
connections. The 1st connection will bind LDAP to find the DN of the
login user, and this connection will be closed in the try...finally
block. But the 2nd LDAP connection used to validate user password
is not closed at all. Too much unclosed TCP connections cause resource
exhausted and latter LDAP authentication will fail.
Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8
Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com>
Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
(cherry picked from commit 7ac03844b38b7682b16d6b4ae701d410f84b18fe)
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java | 2 | ||||
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java index cf68a8bc39..eb6249c3bf 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java @@ -89,7 +89,7 @@ public class LdapAuthBackend implements AuthBackend { // We found the user account, but we need to verify // the password matches it before we can continue. // - helper.authenticate(m.getDN(), req.getPassword()); + helper.authenticate(m.getDN(), req.getPassword()).close(); } return new AuthUser(new AuthUser.UUID(username), username); } finally { diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java index 7cde019749..da7ebdbd56 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java @@ -206,7 +206,7 @@ public class LdapRealm implements Realm { // We found the user account, but we need to verify // the password matches it before we can continue. // - helper.authenticate(m.getDN(), who.getPassword()); + helper.authenticate(m.getDN(), who.getPassword()).close(); } who.setDisplayName(apply(schema.accountFullName, m)); |