I have a web page to manage Active Directory groups, and in the initialization of this page I connect to LDAP with JNDI and save the LDAP context in the HTTP session.

Here's how I connect to LDAP:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public static LdapContext connectToLdap(String host,
            String userDN, String userPassword,
            boolean ssl) throws Exception {

        System.out.println("connectToLdap");

        // Plain LDAP on 389 unless SSL is requested, then LDAPS on 636
        String hostPrefix = "ldap";
        String ldapPort = "389";
        if (ssl) {
            hostPrefix = "ldaps";
            ldapPort = "636";
        }
        String providerUrl = hostPrefix + "://" + host + ":" + ldapPort;
        //System.out.println("####### LDAP URL: " + providerUrl);
        LdapContext ldapContext;
        Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
        ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        ldapEnv.put(Context.PROVIDER_URL, providerUrl);
        // Simple bind with the supplied DN and password
        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        ldapEnv.put(Context.SECURITY_PRINCIPAL, userDN);
        ldapEnv.put(Context.SECURITY_CREDENTIALS, userPassword);
        // Read timeout in milliseconds (10 s); the property expects a String
        ldapEnv.put("com.sun.jndi.ldap.read.timeout", 1000 * 10 + "");
        if (ssl) {
            ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        ldapEnv.put(Context.REFERRAL, "ignore");
        try {
            ldapContext = new InitialLdapContext(ldapEnv, null);
            System.out.println("success connection to ldap");
            return ldapContext;
        } catch (Exception e) {
            System.out.println("failure connection to ldap");
            e.printStackTrace();
            return null; // callers must check for null
        }
    }
  • I don't close the context because it will be reused during the user session.
  • I put the LdapContext in the session so that I don't have to make frequent connections to LDAP per user, only one connection per session per user.

ISSUE: I noticed that sometimes, after 10-15 minutes, the retrieval of Active Directory groups fails and I get this exception:

javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]

Any ideas why? Please advise why I am getting this issue and how to resolve it.

  • Check the LDAP server logs. There will be some problem because of which the server is resetting the connection. Commented Oct 3, 2013 at 7:42

1 Answer

Don't place LdapContext in the HTTP session: it does not implement the Serializable interface, so there is no guarantee that it can be stored/restored to/from the session.

Think about it: if the session were stored in a database or replicated to another server, the LdapContext would be converted to bytes, along with any socket descriptors it references. How would that work when you restore them from bytes?

Have it in a singleton if you need long term connections.

Other than that it is common for servers and networking equipment to close [what they think are] inactive network connections, so any long term connections need to be tested or keep-alive'd.

If it's still relevant I would suggest that you use the (GPLv2, LGPLv2.1 licensed) UnboundID LDAP SDK for Java (no affiliation), that handles connection pooling and connection testing a bit better than the shipped JNDI implementation.
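As an added illustration of the "singleton plus connection testing" advice above (not code from the question or the answer), here is an application-scoped holder around the question's connectToLdap method. It assumes that method lives in a class named LdapUtil and is bound with a service account, since a context shared across users cannot carry each user's credentials; before every use it probes the root DSE and, on the CommunicationException the question reports, drops the dead context and reconnects once.

```java
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapContext;

/** One LDAP context for the whole application, validated before each use. */
public final class LdapContextHolder {
    private final String host, userDN, userPassword; // service account, assumed
    private final boolean ssl;
    private LdapContext ctx;                          // guarded by "this"

    public LdapContextHolder(String host, String userDN, String userPassword, boolean ssl) {
        this.host = host; this.userDN = userDN; this.userPassword = userPassword; this.ssl = ssl;
    }

    /** Cheap liveness probe: a base-scope read of the root DSE asking for no attributes. */
    private static boolean isAlive(LdapContext c) {
        if (c == null) return false;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.OBJECT_SCOPE);
            sc.setReturningAttributes(new String[] {"1.1"}); // "1.1" = no attributes
            c.search("", "(objectClass=*)", sc).close();
            return true;
        } catch (NamingException e) {                 // idle socket reset by server/firewall
            return false;
        }
    }

    /** Returns a working context, reconnecting if the cached one is gone. */
    public synchronized LdapContext get() throws Exception {
        if (!isAlive(ctx)) {
            closeQuietly(ctx);
            ctx = LdapUtil.connectToLdap(host, userDN, userPassword, ssl); // question's method, assumed in LdapUtil
            if (ctx == null) throw new CommunicationException("could not (re)connect to " + host);
        }
        return ctx;
    }

    /** Runs an LDAP operation; on "Connection reset" drops the context and retries once. */
    public synchronized <T> T withRetry(LdapOp<T> op) throws Exception {
        try {
            return op.run(get());
        } catch (CommunicationException e) {
            closeQuietly(ctx); ctx = null;
            return op.run(get());
        }
    }

    public interface LdapOp<T> { T run(LdapContext c) throws NamingException; }

    private static void closeQuietly(LdapContext c) {
        if (c != null) try { c.close(); } catch (NamingException ignored) { }
    }
}
```

Callers wrap each group lookup in withRetry, so a context killed after 10-15 minutes of idleness is replaced transparently instead of surfacing as a failed page load.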
