Search code examples
active-directoryldapjndi

Is context need to be closed explicity in LDAP connection pooling

We are using below settings for LDAP JNDI connection pooling:

    DirContext ctx = null;
    try 
    {
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + server + ":" + serverPort);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, pUserName);
        env.put(Context.SECURITY_CREDENTIALS, pPassword);
        env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("com.sun.jndi.ldap.read.timeout", "300000");

        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        // load the location of keystore that holds trusted root certificates from web.xml
        ServletContext context = ApplicationServlet.getApplication().getServlet().getServletContext();
        String certificatePath = context.getInitParameter("AD_CERTIFICATE_PATH");

        System.setProperty("javax.net.ssl.trustStore",  certificatePath);
        //          System.setProperty("javax.net.debug", "all");

        // For connection pooling
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", poolMaxSize);
        System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", poolPrefSize);
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", poolTimeOut);
        System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "fine");

        ctx = new InitialDirContext(env);
        return (DirContext) ctx;

After performing Search in Active Directory we are closing context explicitly using ctx.close() to release connection back to pool.

With above implementation we are facing issue that connection is closed immediately after getting connection:

12:06:14,837 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-22) Create and use com.sun.jndi.ldap.LdapClient@26a2a0eb[eun1p3-be.stp-prod.st.com:636]
12:06:16,855 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-22) Close com.sun.jndi.ldap.LdapClient@26a2a0eb
12:06:18,301 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-23) Create and use com.sun.jndi.ldap.LdapClient@76e26d4a[eun1p3-be.stp-prod.st.com:636]
12:06:20,353 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-23) Close com.sun.jndi.ldap.LdapClient@76e26d4a
12:06:21,713 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-19) Create and use com.sun.jndi.ldap.LdapClient@4bb50913[eun1p3-be.stp-prod.st.com:636]
12:06:23,746 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-19) Close com.sun.jndi.ldap.LdapClient@4bb50913
12:06:25,366 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-6) Create and use com.sun.jndi.ldap.LdapClient@2a2eecb7[eun1p3-be.stp-prod.st.com:636]
12:06:27,473 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-6) Close com.sun.jndi.ldap.LdapClient@2a2eecb7
12:06:28,757 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-25) Create and use com.sun.jndi.ldap.LdapClient@3c34b0d[eun1p3-be.stp-prod.st.com:636]
12:06:30,855 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-25) Close com.sun.jndi.ldap.LdapClient@3c34b0d
12:06:32,214 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-22) Create and use com.sun.jndi.ldap.LdapClient@6d9ca028[eun1p3-be.stp-prod.st.com:636]
12:06:34,294 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-22) Close com.sun.jndi.ldap.LdapClient@6d9ca028
12:06:35,730 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-23) Create and use com.sun.jndi.ldap.LdapClient@72ed6bb2[eun1p3-be.stp-prod.st.com:636]
12:06:37,753 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-23) Close com.sun.jndi.ldap.LdapClient@72ed6bb2
12:06:39,184 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-19) Create and use com.sun.jndi.ldap.LdapClient@e87ce30[eun1p3-be.stp-prod.st.com:636]
12:06:41,266 ERROR [stderr] (http-eul151.sgp.st.com-10.75.32.13-10080-19) Close com.sun.jndi.ldap.LdapClient@e87ce30
Solution

  • Yes, you have to close not only all Contexts but also all NamingEnumerations. That's how connections get returned to the pool.

    There is no evidence in your log that connections are being closed. What's being closed is com.sun.jndi.ldap.LdapClients.