Turn off LDAP connection pooling in JIRA

How can I turn off LDAP connection pooling in JIRA?

Programmatically, this is normally done in Java as follows:

Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://my.ldap.server:389");
env.put("com.sun.jndi.ldap.connect.pool", "false");
DirContext ctx = new InitialDirContext(env);
// use ctx to run LDAP queries

The important thing to note is that com.sun.jndi.ldap.connect.pool is not a VM argument. Ie launching the JVM with it passed in has no effect. With this in mind, how can I get JIRA to supply com.sun.jndi.ldap.connect.pool=false to the InitialDirContext constructor?

Thanks!

3 answers

1 accepted

Accepted Answer
0 votes

The important thing to note is that com.sun.jndi.ldap.connect.pool is not a VM argument.

However, some of the settings are according to Oracle JVM docs:

http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html

You may be able to set one of these to a value that precludes pooling from being allowed for your connections?
In particular I am thinking:

  • com.sun.jndi.ldap.connect.pool.authentication
    A list of space-separated authentication types of connections that may be pooled
  • or com.sun.jndi.ldap.connect.pool.protocol
    A list of space-separated protocol types of connections that may be pooled.

Hi Mark, thanks a lot for the help. I'll give those properties a go and report back here!

Okay, it turns out that this does work! It does seem a bit of a "hack", but I'll take it! Here is the output from netstat:

[root@jira01 ~]# netstat -ap | grep ldap
tcp        0      0 ::ffff:172.24.102.15:42130  ::ffff:146.195.128.254:ldap TIME_WAIT   -
tcp        0      0 ::ffff:172.24.102.15:42129  ::ffff:146.195.128.254:ldap TIME_WAIT   -

(Previously, I had a bunch of ESTABLISHED connections with PIDs at the end.)

For anyone else reading this, I added the following to setenv.sh:

JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.jndi.ldap.connect.pool.protocol=DIGEST-MD5"

It would be nice if there was a more official way to turn off LDAP connection pooling in JIRA/Crowd. Should I raise a ticket with Atlassian support for this?


Thanks again!

-Muel

Currently there is no

Currently JIRA does not provide any way to turn off LDAP conneciton pooling.

According to the Crowd documentation this is available in the Crowd server:

https://confluence.atlassian.com/display/CROWD/Configuring+the+LDAP+Connection+Pool

So in theory you should be able to connect JIRA to Crowd and Crowd to LDAP and turn off the pooling in the Crowd server. However, reading the Oracle docs and the Crowd source code, I am not sure if this will actually work ... please test first if you want to try this.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

20,510 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you