Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14326

Incorrect Password with LDAP Decision Node can use up all connections to Data Store


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s:
    • Fix Version/s: None
    • Component/s: authentication, trees, XUI
    • Labels:
    • Sprint:
      AM Sustaining Sprint 59
    • Story Points:
    • Support Ticket IDs:


      Bug description

      If a user has entered the wrong password for the LDAP Decision Node's Bind User Password while using an LDAPS data store, AM will continue to try and connect to the LDAPS data store and connections will not be disconnected.  The following connections will be noted in the access logs:

      [24/Jan/2019:14:07:56 -0800] CONNECT conn=2592 from= to= protocol=LDAPS
      [24/Jan/2019:14:07:57 -0800] CONNECT conn=2593 from= to= protocol=LDAPS
      [24/Jan/2019:14:07:58 -0800] CONNECT conn=2594 from= to= protocol=LDAPS
      [24/Jan/2019:14:07:59 -0800] CONNECT conn=2595 from= to= protocol=LDAPS
      [24/Jan/2019:14:08:00 -0800] CONNECT conn=2596 from= to= protocol=LDAPS
      [24/Jan/2019:14:08:01 -0800] CONNECT conn=2597 from= to= protocol=LDAPS
      [24/Jan/2019:14:08:02 -0800] CONNECT conn=2598 from= to= protocol=LDAPS
      [24/Jan/2019:14:08:03 -0800] CONNECT conn=2599 from= to= protocol=LDAPS
      [24/Jan/2019:14:08:04 -0800] CONNECT conn=2600 from= to= protocol=LDAPS

      How to reproduce the issue

      1. Create an AM AM with an external DJ 3.5.3 Data Store configured for LDAPS communication
      2. Configure an LDAP Decision Node tree use https://backstage.forgerock.com/knowledge/kb/article/a45408787#LDAP as a guide
      3. Enter incorrect password for Bind User Password in LDAP decision node.
      4. Try to login into OpenAM with end user.
      Expected behaviour
      OpenAM should not try to continue to connect to User Store and connections should be disconnected
      Current behaviour
      Connections continue to get used up without any connections being discontinued

      Work around

      No workaround, if this issue occurs the environment needs to be restarted after correcting the password. If a restart is not done, the issue will continue even if the password is corrected.



          Issue Links



              • Assignee:
                lawrence.yarham Lawrence Yarham
                abel.hoxeng Abel Hoxeng
              • Votes:
                0 Vote for this issue
                6 Start watching this issue


                • Created: