From 7ac03844b38b7682b16d6b4ae701d410f84b18fe Mon Sep 17 00:00:00 2001 From: Jiang Xin Date: Wed, 7 Jan 2015 15:09:54 +0800 Subject: [PATCH] Resource exhausted because of unclosed LDAP connection When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap connections. The 1st connection will bind LDAP to find the DN of the login user, and this connection will be closed in the try...finally block. But the 2nd LDAP connection used to validate user password is not closed at all. Too much unclosed TCP connections cause resource exhausted and latter LDAP authentication will fail. Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8 Reported-by: Wang Yiming Signed-off-by: Jiang Xin --- .../com/google/gerrit/server/auth/ldap/LdapAuthBackend.java | 2 +- .../main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java index cf68a8bc39..eb6249c3bf 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java @@ -89,7 +89,7 @@ public class LdapAuthBackend implements AuthBackend { // We found the user account, but we need to verify // the password matches it before we can continue. // - helper.authenticate(m.getDN(), req.getPassword()); + helper.authenticate(m.getDN(), req.getPassword()).close(); } return new AuthUser(new AuthUser.UUID(username), username); } finally { diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java index 84b5277988..8bb481ca4a 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java @@ -206,7 +206,7 @@ public class LdapRealm implements Realm { // We found the user account, but we need to verify // the password matches it before we can continue. // - helper.authenticate(m.getDN(), who.getPassword()); + helper.authenticate(m.getDN(), who.getPassword()).close(); } who.setDisplayName(apply(schema.accountFullName, m));