Socket Leak after erroneously trying to authenticate using an external LDAP Server.

(Doc ID 1392649.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Weblogic Server - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Symptoms

The issue manifests itself when the command $ netstat -anp|grep ESTABLISHED|grep <AdminServerPort>|wc -l is issued. For each invalid login attempt, the number of open sockets rises by 2:




[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
9
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
11
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
13
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
15
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
17
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
17
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
19
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
19
[oracle@infra config]$ netstat -anp |grep ESTA|grep 6501|wc -l
21
...
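
An added example (not part of the Oracle note) of a stricter version of the check above: it counts only ESTABLISHED connections whose port field is exactly the LDAP port, then flags a series of counts that never drops. The function names, the threshold of 4 and the sample netstat lines are assumptions constructed for illustration; the count series is the one shown above.

```bash
#!/usr/bin/env bash
# Count ESTABLISHED TCP connections whose local or foreign port is exactly $1.
# Reads `netstat -an` (or -anp) output on stdin. Matching on the port field
# avoids the false hits `grep 6501` gets from PIDs or ports such as 16501.
count_established() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      n = split($4, l, ":"); m = split($5, f, ":")
      if (l[n] == port || f[m] == port) c++
    }
    END { print c + 0 }'
}

# Given a threshold and successive counts, print "LEAK" when the series never
# drops and ends at least <threshold> above its first value, otherwise "OK".
leak_trend() {
  threshold="$1"; shift
  first="$1"; prev="$1"; last="$1"
  for c in "$@"; do
    if [ "$c" -lt "$prev" ]; then
      echo OK        # sockets were released at some point
      return 0
    fi
    prev="$c"; last="$c"
  done
  if [ $((last - first)) -ge "$threshold" ]; then echo LEAK; else echo OK; fi
}

# Constructed sample of netstat -anp output (not captured from the page's host).
SAMPLE='tcp 0 0 10.0.0.5:41022 10.0.0.9:6501 ESTABLISHED 4310/java
tcp 0 0 10.0.0.5:41023 10.0.0.9:6501 ESTABLISHED 4310/java
tcp 0 0 10.0.0.5:7001 10.0.0.7:16501 ESTABLISHED 4310/java
tcp 0 0 10.0.0.5:41024 10.0.0.9:6501 TIME_WAIT -
tcp 0 0 0.0.0.0:6501 0.0.0.0:* LISTEN 4212/java'

# Exact-port count over the constructed sample.
printf '%s\n' "$SAMPLE" | count_established 6501
# Trend check over the counts from the netstat runs shown above.
leak_trend 4 9 11 13 15 17 17 19 19 21
```

On a live host, feed the first function with netstat -an | count_established <port> at a fixed interval and pass the collected counts to leak_trend.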



Next are the steps to reproduce the issue. This part can be skipped.

Weblogic Server Version: WLS 10.3.3
OS: Linux infra.vm.oracle.com 2.6.9-55.0.2.0.1.ELsmp #1 SMP Mon Jun 25 14:36:37 PDT 2007 i686 i686 i386 GNU/Linux
Java -version output: java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
BEA JRockit(R) (build R27.6.5-32_o-121899-1.6.0_14-20091001-2113-linux-ia32, compiled mode)


In order to reproduce this issue:


1. The following needs to be configured on the machine:


2. Below is the sequence necessary to correctly check OVD/OID Integration with WebLogic Server.

As user oracle:

STARTUP SEQUENCE:
2.1 Start the listener and database with the script '/home/oracle/startrdbms.sh'


[oracle@infra ~]$ ./startrdbms.sh
========================================
Starting Listener and Database
NOTE- Please wait for completion message
========================================

LSNRCTL for Linux: Version 11.1.0.7.0 - Production on 04-NOV-2011 00:18:53

Copyright (c) 1991, 2008, Oracle. All rights reserved.

Starting /u01/app/oracle/product/11.1.0/db_1//bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.1.0.7.0 - Production
Log messages written to /u01/app/oracle/product/11.1.0/db_1/log/diag/tnslsnr/infra/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=infra.vm.oracle.com)(PORT=1521)))

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.1.0.7.0 - Production
Start Date 04-NOV-2011 00:18:57
Uptime 0 days 0 hr. 0 min. 2 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File /u01/app/oracle/product/11.1.0/db_1/log/diag/tnslsnr/infra/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=infra.vm.oracle.com)(PORT=1521)))
The listener supports no services
The command completed successfully

SQL*Plus: Release 11.1.0.7.0 - Production on Fri Nov 4 00:19:00 2011

Copyright (c) 1982, 2008, Oracle. All rights reserved.

Connected to an idle instance.

SQL> ORACLE instance started.

Total System Global Area 849530880 bytes
Fixed Size 1316684 bytes
Variable Size 641730740 bytes
Database Buffers 201326592 bytes
Redo Buffers 5156864 bytes
Database mounted.
Database opened.
SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

===================
Operation Completed
===================


Review Listener status.


[oracle@infra ~]$ . /home/oracle/setrdbms
[oracle@infra ~]$ lsnrctl status

LSNRCTL for Linux: Version 11.1.0.7.0 - Production on 04-NOV-2011 00:22:24

Copyright (c) 1991, 2008, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.1.0.7.0 - Production
Start Date 04-NOV-2011 00:18:57
Uptime 0 days 0 hr. 3 min. 27 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File /u01/app/oracle/product/11.1.0/db_1/log/diag/tnslsnr/infra/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=infra.vm.oracle.com)(PORT=1521)))
Services Summary...
Service "idmdb.vm.oracle.com" has 1 instance(s).
Instance "idmdb", status READY, has 1 handler(s) for this service...
Service "idmdbXDB.vm.oracle.com" has 1 instance(s).
Instance "idmdb", status READY, has 1 handler(s) for this service...
Service "idmdb_XPT.vm.oracle.com" has 1 instance(s).
Instance "idmdb", status READY, has 1 handler(s) for this service...
The command completed successfully




==========================


2.1.1. Set Domain Infrastructure:


[oracle@infra ~]$ . /home/oracle/setinfra

Configuring environment:

Use the command cdo to change directory to the /u01/Middleware/Oracle_IDM1
Use the command cdi to change directory to the /u01/Middleware/asinst_1
Use the command cdw to change directory to the /u01/Middleware/user_projects/domains/IDMDomain






2.2 Start OID, OVD and the EMAGENT with '$INSTANCE_HOME/bin/opmnctl startall'


[oracle@infra ~]$ opmnctl status -l
opmnctl status: opmn is not running.
[oracle@infra ~]$ opmnctl startall
opmnctl startall: starting opmn and all managed processes...
[oracle@infra ~]$ opmnctl status -l

Processes in Instance: asinst_1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component | process-type | pid | status | uid | memused | uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ovd1 | OVD | 4212 | Alive | 1066950621 | 440892 | 0:01:32 | ldaps:7501,https:8899,ldap:6501
oid1 | oidldapd | 4252 | Alive | 1066950623 | 106548 | 0:01:25 | N/A
oid1 | oidldapd | 4241 | Alive | 1066950622 | 50980 | 0:01:28 | N/A
oid1 | oidmon | 4213 | Alive | 1066950620 | 48472 | 0:01:32 | LDAPS:3131,LDAP:3060
EMAGENT | EMAGENT | 4214 | Alive | 1066950619 | 5928 | 0:01:32 | N/A







2.3 Start the Weblogic Admin server with '$WLS_HOME/bin/startWebLogic.sh'


[oracle@infra ~]$ cd $WLS_HOME
[oracle@infra IDMDomain]$ cd bin/
[oracle@infra bin]$ ./startWebLogic.sh




2.4 Start the included Managed Weblogic container with '$WLS_HOME/bin/startManagedWebLogic.sh wls_ods1'


3. Create an OVD authenticator provider:

Home >Summary of Security Realms >myrealm >Providers

Name: OVD Authenticator

Control Flag: SUFFICIENT


Provider Specific:


Host: celvpint5606.us.oracle.com
Port: 6501
Principal: cn=orcladmin
Credential: welcome1


User_base_DN: cn=orcladmin, cn=ovdusers, dc=vm, dc=oracle,dc=com

Group_Base_DN: cn=ovdadmin, cn=ovdusers, dc=vm, dc=oracle,dc=com


Remote Base : cn=Users, dc=vm,dc=oracle,dc=com

Mapped Namespace : cn=ovdusers, dc=vm, dc=oracle, dc=com




4. Bounce environment.
5. Check if the orcladmin user was retrieved: OK


ENVIRONMENT SET.



Changes

After this, the password for the principal in the OVD authenticator provider was changed.

Cause
