[jboss-user] [Security & JAAS/JBoss] - Using LdapLoginModule opens many connections to LDAP

eyal.zfira do-not-reply at jboss.com
Thu Sep 18 08:32:51 EDT 2008 

Hi,
I'm using LdapLoginModule to authenticate users using the LDAP service.
I see (using netstat) that there are hundreds (!!) of ESTABLISHED connections from my JBoss server to the LDAP server.
There are more and more connections adding after almost every action I perform in my application. Eventually the application hangs.

I tried adding pooling attributes to the login-config.xml but it didn't seem to solve the issue.

here is the LDAP login-module from the login-config.xml:


  | <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="optional">
  | 	<module-option name="password-stacking">useFirstPass</module-option>
  | 	<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  | 	<module-option name="java.naming.provider.url">ldap://00.00.00.00/</module-option>
  | 	<module-option name="java.naming.security.authentication">simple</module-option>
  | 	<module-option name="java.naming.security.principal">cn=xxx</module-option> 
  | 	<module-option name="java.naming.security.credentials">xxx</module-option> 
  | 	<module-option name="principalDNPrefix">uid=</module-option>
  | 	<module-option name="uidAttributeID">member</module-option>
  | 	<module-option name="matchOnUserDN">true</module-option>
  | 	<module-option name="principalDNSuffix">,ou=xxx,dc=xxx,dc=xxx</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool">true</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool.authentication">simple</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool.maxsize">20</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool.prefsize">10</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool.timeout">300000</module-option>
  | 	<module-option name="com.sun.jndi.ldap.connect.pool.debug">fine</module-option>
  | </login-module>

Thanks!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177394#4177394

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4177394

More information about the jboss-user mailing list