[ https://issues.apache.org/jira/browse/ARTEMIS-4712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Bertram resolved ARTEMIS-4712.
-------------------------------------
    Fix Version/s: 2.34.0
       Resolution: Fixed

> Remove LDAP connection pooling
> ------------------------------
>
>                 Key: ARTEMIS-4712
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4712
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>             Fix For: 2.34.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The {{LDAPLoginModule}} supports connection pooling, but there have been
> reports of weird behavior with pooling vs. without. For example, with pooling
> once a login failure occurs subsequent login attempts also fail - even if
> credentials are valid. However, without pooling this behavior is never seen.
> Upon further investigation the [Oracle
> documentation|https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html]
> says this:
> bq. Pooled connections are intended to be reused. Therefore, if you plan to
> perform operations on a Context instance that might alter the underlying
> connection's state, then you should not use connection pooling for that
> Context instance. For example, if you plan to invoke the Start TLS extended
> operation on a Context instance, or plan to change security-related
> properties (such as "java.naming.security.principal" or
> "java.naming.security.protocol") after the initial context has been created,
> you should not use connection pooling for that Context instance because the
> LDAP provider does not track any such state changes. If you use connection
> pooling in such situations, you might be compromising the security of your
> application.
> The {{LDAPLoginModule}} does, in fact, modify the
> {{java.naming.security.principal}} of the {{Context}} (i.e. in the
> {{bindUser}} method). Although the {{Context}} is immediately reset to the
> original values (ostensibly restoring normal pool behavior) the pooling
> functionality should be removed in an abundance of caution.

-- This message was sent by Atlassian Jira (v8.20.10#820010)
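
The Oracle guidance quoted in the issue, shown as an added example (not Artemis code and not the change made for ARTEMIS-4712): a user bind check that builds a dedicated, non-pooled context per attempt instead of changing `java.naming.security.principal` on a context that may be pooled. The class name, method names, host and DN are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    // JNDI LDAP provider property that opts a context into connection pooling.
    static final String POOL = "com.sun.jndi.ldap.connect.pool";

    // Environment for a one-off bind as the user being authenticated.
    // Pooling is explicitly off, so this connection is never reused by a later caller.
    static Hashtable<String, Object> bindEnv(String url, String userDn, String password) {
        // JNDI treats empty credentials as an anonymous bind, which many servers accept.
        if (password == null || password.isEmpty()) throw new IllegalArgumentException("empty password");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(POOL, "false");
        return env;
    }

    // Returns true if the directory accepts the bind. Refuses to run on a pooled
    // environment, because the provider does not track principal changes there.
    static boolean verifyBind(Hashtable<String, Object> env) throws NamingException {
        if (Boolean.parseBoolean(String.valueOf(env.get(POOL)))) {
            throw new IllegalStateException("user bind requested on a pooled context");
        }
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                     // wrong credentials, not an outage
        } finally {
            if (ctx != null) ctx.close();     // close every time; nothing is shared
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; this demo never opens a connection.
        Hashtable<String, Object> env = bindEnv("ldap://ldap.example.test:389",
                "uid=alice,ou=people,dc=example,dc=test", "constructed-password");
        env.put(POOL, "true"); // simulate a caller that re-enabled pooling
        try { verifyBind(env); } catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```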