[JBoss JIRA] Created: (JBPORTAL-1782) CMS security checks using ldap causes "too many open files" error
5:29 a.m.
CMS security checks using ldap causes "too many open files" error
-----------------------------------------------------------------
Key: JBPORTAL-1782
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1782
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal CMS, Portal Identity
Affects Versions: 2.6.1 Final
Environment: Linux
Reporter: frontline frontline
Assigned To: Sohil Shah
I have configured the portal to use OpenDS as the "user store".
I noticed that if I log in as some other user than admin and then perform many CMS
operations I eventually get an "java.net.SocketException: Too many open files"
error.
Apparently the portal always opens a new connection when getting role info etc. for
authorization? So there is no caching or even pooling of the ldap connections? Isn't
this also potentially bad for performance (and for the poor ldap server)?
If I wait a while the connections become usable again so there is no connection leak (the
sockets are in TIME_WAIT for a while).
Here is the error:
java.net.SocketException: Too many open files
java.net.Socket.createImpl(Socket.java:388)
java.net.Socket.<init>(Socket.java:361)
java.net.Socket.<init>(Socket.java:179)
com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
javax.naming.InitialContext.init(InitialContext.java:223)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
org.jboss.portal.identity.ldap.LDAPConnectionContext.createInitialContext(LDAPConnectionContext.java:99)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.searchUsers(LDAPUserModuleImpl.java:353)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.findUserByUserName(LDAPUserModuleImpl.java:81)
org.jboss.portal.cms.security.AuthorizationProviderImpl.findPermissionsByUser(AuthorizationProviderImpl.java:365)
org.jboss.portal.cms.security.AuthorizationProviderImpl.getSecurityBindings(AuthorizationProviderImpl.java:147)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.getPermissions(ACLEnforcer.java:573)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.computeAccess(ACLEnforcer.java:330)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasReadAccess(ACLEnforcer.java:209)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasAccess(ACLEnforcer.java:120)
org.jboss.portal.cms.security.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:127)
org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:238)
org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:36 a.m.
New subject: [JBoss JIRA] Updated: (JBPORTAL-1782) CMS security checks using ldap causes "too many open files" error
[ http://jira.jboss.com/jira/browse/JBPORTAL-1782?page=all ]
Thomas Heute updated JBPORTAL-1782:
-----------------------------------
Fix Version/s: 2.6.3 Final
Assignee: Boleslaw Dawidowicz (was: Sohil Shah)
CMS security checks using ldap causes "too many open files"
error
-----------------------------------------------------------------
Key: JBPORTAL-1782
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1782
Project: JBoss Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Portal CMS, Portal Identity
Affects Versions: 2.6.1 Final
Environment: Linux
Reporter: frontline frontline
Assigned To: Boleslaw Dawidowicz
Fix For: 2.6.3 Final
I have configured the portal to use OpenDS as the "user store".
I noticed that if I log in as some other user than admin and then perform many CMS
operations I eventually get an "java.net.SocketException: Too many open files"
error.
Apparently the portal always opens a new connection when getting role info etc. for
authorization? So there is no caching or even pooling of the ldap connections? Isn't
this also potentially bad for performance (and for the poor ldap server)?
If I wait a while the connections become usable again so there is no connection leak (the
sockets are in TIME_WAIT for a while).
Here is the error:
java.net.SocketException: Too many open files
java.net.Socket.createImpl(Socket.java:388)
java.net.Socket.<init>(Socket.java:361)
java.net.Socket.<init>(Socket.java:179)
com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
javax.naming.InitialContext.init(InitialContext.java:223)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
org.jboss.portal.identity.ldap.LDAPConnectionContext.createInitialContext(LDAPConnectionContext.java:99)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.searchUsers(LDAPUserModuleImpl.java:353)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.findUserByUserName(LDAPUserModuleImpl.java:81)
org.jboss.portal.cms.security.AuthorizationProviderImpl.findPermissionsByUser(AuthorizationProviderImpl.java:365)
org.jboss.portal.cms.security.AuthorizationProviderImpl.getSecurityBindings(AuthorizationProviderImpl.java:147)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.getPermissions(ACLEnforcer.java:573)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.computeAccess(ACLEnforcer.java:330)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasReadAccess(ACLEnforcer.java:209)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasAccess(ACLEnforcer.java:120)
org.jboss.portal.cms.security.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:127)
org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:238)
org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:15 a.m.
New subject: [JBoss JIRA] Resolved: (JBPORTAL-1782) CMS security checks using ldap causes "too many open files" error
[ http://jira.jboss.com/jira/browse/JBPORTAL-1782?page=all ]
Boleslaw Dawidowicz resolved JBPORTAL-1782.
-------------------------------------------
Resolution: Done
I enabled JNDI Ldap connection pooling and checked that context is closed properly. There
are additional connection options available and described in Reference Guide. This should
go in 2.6.3
CMS security checks using ldap causes "too many open files"
error
-----------------------------------------------------------------
Key: JBPORTAL-1782
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1782
Project: JBoss Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Portal CMS, Portal Identity
Affects Versions: 2.6.1 Final
Environment: Linux
Reporter: frontline frontline
Assigned To: Boleslaw Dawidowicz
Fix For: 2.6.3 Final
I have configured the portal to use OpenDS as the "user store".
I noticed that if I log in as some other user than admin and then perform many CMS
operations I eventually get an "java.net.SocketException: Too many open files"
error.
Apparently the portal always opens a new connection when getting role info etc. for
authorization? So there is no caching or even pooling of the ldap connections? Isn't
this also potentially bad for performance (and for the poor ldap server)?
If I wait a while the connections become usable again so there is no connection leak (the
sockets are in TIME_WAIT for a while).
Here is the error:
java.net.SocketException: Too many open files
java.net.Socket.createImpl(Socket.java:388)
java.net.Socket.<init>(Socket.java:361)
java.net.Socket.<init>(Socket.java:179)
com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
javax.naming.InitialContext.init(InitialContext.java:223)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
org.jboss.portal.identity.ldap.LDAPConnectionContext.createInitialContext(LDAPConnectionContext.java:99)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.searchUsers(LDAPUserModuleImpl.java:353)
org.jboss.portal.identity.ldap.LDAPUserModuleImpl.findUserByUserName(LDAPUserModuleImpl.java:81)
org.jboss.portal.cms.security.AuthorizationProviderImpl.findPermissionsByUser(AuthorizationProviderImpl.java:365)
org.jboss.portal.cms.security.AuthorizationProviderImpl.getSecurityBindings(AuthorizationProviderImpl.java:147)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.getPermissions(ACLEnforcer.java:573)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.computeAccess(ACLEnforcer.java:330)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasReadAccess(ACLEnforcer.java:209)
org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasAccess(ACLEnforcer.java:120)
org.jboss.portal.cms.security.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:127)
org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:238)
org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6259
days inactive
6277
days old
2 comments
3 participants
participants (3)
-
Boleslaw Dawidowicz (JIRA) -
frontline frontline (JIRA)
-
Thomas Heute (JIRA)