Resource exhausted because of unclosed LDAP connection

When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap connections. The 1st connection will bind LDAP to find the DN of the login user, and this connection will be closed in the try...finally block. But the 2nd LDAP connection used to validate user password is not closed at all. Too much unclosed TCP connections cause resource exhausted and latter LDAP authentication will fail. Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8 Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com> Signed-off-by: Jiang Xin <worldhello.net@gmail.com> (cherry picked from commit 7ac03844b38b7682b16d6b4ae701d410f84b18fe)
author: Jiang Xin <worldhello.net@gmail.com> 2015-01-07 15:09:54 +0800
committer: Claudio Pacchiega <claudio.pacchiega@gmail.com> 2016-06-10 21:15:24 +0000
commit: 466ff564688418f24472d707cb1a41a65538720e (patch)
tree: 3f1cb476739db9ecc285f0a3dbb68bcaecec097f
parent: f15ff1a487c6c19381222292294f425c851b75aa (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
index cf68a8bc39..eb6249c3bf 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
@@ -89,7 +89,7 @@ public class LdapAuthBackend implements AuthBackend {
           // We found the user account, but we need to verify
           // the password matches it before we can continue.
           //
-          helper.authenticate(m.getDN(), req.getPassword());
+          helper.authenticate(m.getDN(), req.getPassword()).close();
         }
         return new AuthUser(new AuthUser.UUID(username), username);
       } finally {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
index 7cde019749..da7ebdbd56 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
@@ -206,7 +206,7 @@ public class LdapRealm implements Realm {
           // We found the user account, but we need to verify
           // the password matches it before we can continue.
           //
-          helper.authenticate(m.getDN(), who.getPassword());
+          helper.authenticate(m.getDN(), who.getPassword()).close();
         }
 
         who.setDisplayName(apply(schema.accountFullName, m));
author	Jiang Xin <worldhello.net@gmail.com>	2015-01-07 15:09:54 +0800
committer	Claudio Pacchiega <claudio.pacchiega@gmail.com>	2016-06-10 21:15:24 +0000
commit	466ff564688418f24472d707cb1a41a65538720e (patch)
tree	3f1cb476739db9ecc285f0a3dbb68bcaecec097f
parent	f15ff1a487c6c19381222292294f425c851b75aa (diff)