libOVD Connection Not Reuse/Close When User Entered Invalid Password

(Doc ID 2337935.1)

Last updated on DECEMBER 26, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

The environment runs into the error "Error No LDAP connection available to process request" at random. While debugging the issue, we found that when a user enters an invalid password, the connection to LDAP is not reused or terminated according to the OAM LDAP Identity Store idle timeout (2 minutes).

In the bad-password use case, the OAM Identity Store does not reuse the LDAP connection, and terminates it after 3 minutes.

Below is an excerpt from the logs:

[27/Jun/2017:18:26:14 -0500] conn=3929 op=-1 msgId=-1 - fd=81 slot=81 LDAPS connection from 10.10.160.60:48024 to 10.10.110.151

[27/Jun/2017:18:26:14 -0500] conn=3929 op=0 msgId=1 - BIND dn="uid=adm1,ou=People,dc=company,dc=com" method=128 version=3

[27/Jun/2017:18:26:14 -0500] conn=3929 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0.015000 dn="uid=adm1,ou=people,dc=company,dc=com"

[27/Jun/2017:18:26:14 -0500] conn=3929 op=1 msgId=2 - SRCH base="ou=people,dc=company,dc=com" scope=2 filter="(&(objectClass=inetorgpearson)(uid=testuser))" attrs="uid mail sn cn description givenName telephoneNumber objectClass displayName nsUniqueId"

[27/Jun/2017:18:26:14 -0500] conn=3929 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0.001000

[27/Jun/2017:18:26:14 -0500] conn=3929 op=2 msgId=3 - BIND dn="uid=testuser,ou=People,dc=company,dc=com" method=128 version=3

[27/Jun/2017:18:26:14 -0500] conn=3929 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0.000000

[27/Jun/2017:18:29:14 -0500] conn=3929 op=3 msgId=4 - UNBIND

[27/Jun/2017:18:29:14 -0500] conn=3929 op=3 msgId=-1 - closing from 10.10.160.60:48024 - U1 - Connection closed by unbind client -

[27/Jun/2017:18:29:15 -0500] conn=3929 op=-1 msgId=-1 - closed.
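The excerpt shows the pattern to look for: a BIND result with err=49 (invalidCredentials), then no further operation on the connection until the UNBIND three minutes later. The Python sketch below is an added example, not part of the original document; it parses access-log lines in the format shown above and reports connections that sat idle after a failed bind. The sample log is constructed from the excerpt, with a hypothetical conn=4000 added for contrast; the function name and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: conn=3929 follows the excerpt above; conn=4000 is a
# made-up healthy connection added for contrast.
SAMPLE = """\
[27/Jun/2017:18:26:14 -0500] conn=3929 op=0 msgId=1 - BIND dn="uid=adm1,ou=People,dc=company,dc=com" method=128 version=3
[27/Jun/2017:18:26:14 -0500] conn=3929 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0.015000 dn="uid=adm1,ou=people,dc=company,dc=com"
[27/Jun/2017:18:26:14 -0500] conn=3929 op=2 msgId=3 - BIND dn="uid=testuser,ou=People,dc=company,dc=com" method=128 version=3
[27/Jun/2017:18:26:14 -0500] conn=3929 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0.000000
[27/Jun/2017:18:29:14 -0500] conn=3929 op=3 msgId=4 - UNBIND
[27/Jun/2017:18:26:20 -0500] conn=4000 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0.010000
[27/Jun/2017:18:26:21 -0500] conn=4000 op=1 msgId=2 - UNBIND
"""

LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=-?\d+ msgId=-?\d+ - (?P<rest>.*)$"
)
RESULT = re.compile(r"^RESULT err=(\d+) tag=(\d+)")


def idle_after_failed_bind(log_text, threshold_s=60):
    """Return {conn: idle_seconds} for connections whose last result before
    UNBIND was a failed bind (err=49) and that then sat idle >= threshold_s."""
    last_result = {}  # conn -> (timestamp, err, tag) of the most recent RESULT
    flagged = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognized lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        conn, rest = int(m["conn"]), m["rest"]
        r = RESULT.match(rest)
        if r:
            last_result[conn] = (ts, int(r[1]), int(r[2]))
        elif rest.startswith("UNBIND") and conn in last_result:
            last_ts, err, tag = last_result.pop(conn)
            idle = (ts - last_ts).total_seconds()
            # tag=97 is an LDAP BindResponse; err=49 is invalidCredentials
            if tag == 97 and err == 49 and idle >= threshold_s:
                flagged[conn] = idle
    return flagged


if __name__ == "__main__":
    for conn, idle in idle_after_failed_bind(SAMPLE).items():
        print(f"conn={conn} idle {idle:.0f}s after failed bind")
```

Counting the flagged connections per interval against MAX_CONNECTIONS gives a rough view of how much of the pool is tied up by failed binds.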

 

As an initial workaround, the following line was added to the identity store section of the OAM configuration file $DOMAIN_HOME/config/fmwconfig/oam-config.xml:

<Setting Name="socket.readtimeout" Type="xsd:String">65000</Setting>

Example section:

<Setting Name="MAX_CONNECTIONS" Type="xsd:integer">20</Setting>

<Setting Name="MIN_CONNECTIONS" Type="xsd:integer">5</Setting>

<Setting Name="SearchTimeLimit" Type="xsd:integer">0</Setting>

<Setting Name="socket.readtimeout" Type="xsd:String">65000</Setting>

 

After this change, the connection is terminated after 65 seconds, but it is still not reused. In the current case this happens only for a bad password; for a good password, the connection is reused and terminated according to the setup.



Changes

 

Cause
