Resource exhausted because of unclosed LDAP connection

When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap connections. The 1st connection will bind LDAP to find the DN of the login user, and this connection will be closed in the try...finally block. But the 2nd LDAP connection used to validate user password is not closed at all. Too much unclosed TCP connections cause resource exhausted and latter LDAP authentication will fail. Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8 Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com> Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2015-01-07 15:09:54 +08:00
parent aebb492d9f
commit 7ac03844b3
2 changed files with 2 additions and 2 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
@@ -89,7 +89,7 @@ public class LdapAuthBackend implements AuthBackend {
          // We found the user account, but we need to verify
          // the password matches it before we can continue.
          //
-          helper.authenticate(m.getDN(), req.getPassword());
+          helper.authenticate(m.getDN(), req.getPassword()).close();
        }
        return new AuthUser(new AuthUser.UUID(username), username);
      } finally {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
@@ -206,7 +206,7 @@ public class LdapRealm implements Realm {
          // We found the user account, but we need to verify
          // the password matches it before we can continue.
          //
-          helper.authenticate(m.getDN(), who.getPassword());
+          helper.authenticate(m.getDN(), who.getPassword()).close();
        }

        who.setDisplayName(apply(schema.accountFullName, m));