1 Reply Latest reply on Nov 2, 2007 5:36 AM by bdaw

portal ldap problems

frontline2 Oct 31, 2007 2:02 PM

I have configured the portal to use OpenDS as the "user store".
I noticed that if I log in as some other user than admin and then perform many CMS operations I eventually get an "java.net.SocketException: Too many open files" error.
Apparently the portal always opens a new connection when getting role info etc. for authorization? So there is no caching or even pooling of the ldap connections? Isn't this also potentially bad for performance (and for the poor ldap server)?
If I wait a while the connections become usable again so there is no connection leak (the sockets are in TIME_WAIT for a while).

Here is the error:

java.net.SocketException: Too many open files
 java.net.Socket.createImpl(Socket.java:388)
 java.net.Socket.<init>(Socket.java:361)
 java.net.Socket.<init>(Socket.java:179)
 com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
 com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
 com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
 com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
 com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
 com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
 com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
 com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
 com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
 com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
 javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
 javax.naming.InitialContext.init(InitialContext.java:223)
 javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
 org.jboss.portal.identity.ldap.LDAPConnectionContext.createInitialContext(LDAPConnectionContext.java:99)
 org.jboss.portal.identity.ldap.LDAPUserModuleImpl.searchUsers(LDAPUserModuleImpl.java:353)
 org.jboss.portal.identity.ldap.LDAPUserModuleImpl.findUserByUserName(LDAPUserModuleImpl.java:81)
 org.jboss.portal.cms.security.AuthorizationProviderImpl.findPermissionsByUser(AuthorizationProviderImpl.java:365)
 org.jboss.portal.cms.security.AuthorizationProviderImpl.getSecurityBindings(AuthorizationProviderImpl.java:147)
 org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.getPermissions(ACLEnforcer.java:573)
 org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.computeAccess(ACLEnforcer.java:330)
 org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasReadAccess(ACLEnforcer.java:209)
 org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasAccess(ACLEnforcer.java:120)
 org.jboss.portal.cms.security.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:127)
 org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:238)
 org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)

1. Re: portal ldap problems

bdaw Nov 2, 2007 5:36 AM (in response to frontline2)

Can you fill a jira bug report for this? We cache user identity on authentication to not bind on every request.
Actions