  1. OpenAM
  2. OPENAM-14326

Incorrect Password with LDAP Decision Node can use up all connections to Data Store

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 6.0.0.4
    • Fix Version/s: None
    • Component/s: authentication, trees, XUI
    • Sprint:
      AM Sustaining Sprint 59
    • Story Points:
      5

      Description

      Bug description

      If a user has entered the wrong password for the LDAP Decision Node's Bind User Password while using an LDAPS data store, AM will continue to try to connect to the LDAPS data store and connections will not be disconnected. The following connections will be noted in the access logs:

      [24/Jan/2019:14:07:56 -0800] CONNECT conn=2592 from=127.0.0.1:58241 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:07:57 -0800] CONNECT conn=2593 from=127.0.0.1:58242 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:07:58 -0800] CONNECT conn=2594 from=127.0.0.1:58243 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:07:59 -0800] CONNECT conn=2595 from=127.0.0.1:58244 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:08:00 -0800] CONNECT conn=2596 from=127.0.0.1:58245 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:08:01 -0800] CONNECT conn=2597 from=127.0.0.1:58246 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:08:02 -0800] CONNECT conn=2598 from=127.0.0.1:58247 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:08:03 -0800] CONNECT conn=2599 from=127.0.0.1:58248 to=127.0.0.1:2636 protocol=LDAPS
      [24/Jan/2019:14:08:04 -0800] CONNECT conn=2600 from=127.0.0.1:58249 to=127.0.0.1:2636 protocol=LDAPS

      How to reproduce the issue

      1. Create an AM 6.0.0.0.4 instance with an external DJ 3.5.3 Data Store configured for LDAPS communication.
      2. Configure an LDAP Decision Node tree, using https://backstage.forgerock.com/knowledge/kb/article/a45408787#LDAP as a guide.
      3. Enter an incorrect password for Bind User Password in the LDAP Decision Node.
      4. Try to log in to OpenAM as an end user.

      Expected behaviour

      OpenAM should not continue trying to connect to the User Store, and connections should be disconnected.

      Current behaviour

      Connections continue to get used up without any connections being discontinued.

      Work around

      No workaround. If this issue occurs, the environment needs to be restarted after correcting the password. If a restart is not done, the issue will continue even if the password is corrected.
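
A check for the symptom described above, added here as an example (not code from this issue or from the OpenAM project): it pairs CONNECT and DISCONNECT records in a DJ access log and reports client/listener pairs that hold many connections that were never closed. The DISCONNECT record format, the threshold and the function names are assumptions; the issue shows only CONNECT records.

```python
import re
from collections import Counter

# Constructed sample. The 127.0.0.1 CONNECT lines for conn 2592-2595 follow the
# records quoted in the issue; conn 2591 and 3001 are constructed, and the
# DISCONNECT line format is an assumption (the issue shows only CONNECT).
SAMPLE_LOG = """\
[24/Jan/2019:14:07:55 -0800] CONNECT conn=2591 from=127.0.0.1:58240 to=127.0.0.1:2636 protocol=LDAPS
[24/Jan/2019:14:07:55 -0800] DISCONNECT conn=2591 reason="Client Unbind"
[24/Jan/2019:14:07:56 -0800] CONNECT conn=2592 from=127.0.0.1:58241 to=127.0.0.1:2636 protocol=LDAPS
[24/Jan/2019:14:07:57 -0800] CONNECT conn=2593 from=127.0.0.1:58242 to=127.0.0.1:2636 protocol=LDAPS
[24/Jan/2019:14:07:58 -0800] CONNECT conn=2594 from=127.0.0.1:58243 to=127.0.0.1:2636 protocol=LDAPS
[24/Jan/2019:14:07:59 -0800] CONNECT conn=2595 from=127.0.0.1:58244 to=127.0.0.1:2636 protocol=LDAPS
[24/Jan/2019:14:08:00 -0800] CONNECT conn=3001 from=192.0.2.10:40000 to=127.0.0.1:2636 protocol=LDAPS
"""

# \S+ before the final ":port" also accepts bracketed IPv6 client addresses.
CONNECT_RE = re.compile(
    r"^\[[^\]]+\] CONNECT conn=(?P<conn>\d+) from=(?P<src>\S+):\d+ to=(?P<dst>\S+)"
)
DISCONNECT_RE = re.compile(r"^\[[^\]]+\] DISCONNECT conn=(?P<conn>\d+)")


def open_connections(log_text):
    """Return {conn_id: (client_ip, listener)} for CONNECTs with no later DISCONNECT."""
    open_conns = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = CONNECT_RE.match(line)
        if m:
            open_conns[int(m["conn"])] = (m["src"], m["dst"])
            continue
        m = DISCONNECT_RE.match(line)
        if m:
            # Ignore DISCONNECTs whose CONNECT predates the log excerpt.
            open_conns.pop(int(m["conn"]), None)
    return open_conns


def leak_suspects(log_text, threshold):
    """Return {(client_ip, listener): count} where unclosed connections >= threshold."""
    counts = Counter(open_connections(log_text).values())
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (client, listener), n in leak_suspects(SAMPLE_LOG, threshold=3).items():
        print(f"{client} -> {listener}: {n} connections never disconnected")
```

Set the threshold above the pool size the AM instance is normally expected to hold against the data store, so that only growth beyond a healthy pool is reported.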


              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                abel.hoxeng Abel Hoxeng