Turn off LDAP connection pooling in JIRA

How can I turn off LDAP connection pooling in JIRA?

Programmatically, this is normally done in Java as follows:

Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://my.ldap.server:389");
env.put("com.sun.jndi.ldap.connect.pool", "false");
DirContext ctx = new InitialDirContext(env);
// use ctx to run LDAP queries

The important thing to note is that com.sun.jndi.ldap.connect.pool is not a VM argument. Ie launching the JVM with it passed in has no effect. With this in mind, how can I get JIRA to supply com.sun.jndi.ldap.connect.pool=false to the InitialDirContext constructor?

Thanks!

3 answers

1 accepted

The important thing to note is that com.sun.jndi.ldap.connect.pool is not a VM argument.

However, some of the settings are according to Oracle JVM docs:

http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html

You may be able to set one of these to a value that precludes pooling from being allowed for your connections?
In particular I am thinking:

  • com.sun.jndi.ldap.connect.pool.authentication
    A list of space-separated authentication types of connections that may be pooled
  • or com.sun.jndi.ldap.connect.pool.protocol
    A list of space-separated protocol types of connections that may be pooled.

Hi Mark, thanks a lot for the help. I'll give those properties a go and report back here!

Okay, it turns out that this does work! It does seem a bit of a "hack", but I'll take it! Here is the output from netstat:

[root@jira01 ~]# netstat -ap | grep ldap
tcp        0      0 ::ffff:172.24.102.15:42130  ::ffff:146.195.128.254:ldap TIME_WAIT   -
tcp        0      0 ::ffff:172.24.102.15:42129  ::ffff:146.195.128.254:ldap TIME_WAIT   -

(Previously, I had a bunch of ESTABLISHED connections with PIDs at the end.)

For anyone else reading this, I added the following to setenv.sh:

JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.jndi.ldap.connect.pool.protocol=DIGEST-MD5"

It would be nice if there was a more official way to turn off LDAP connection pooling in JIRA/Crowd. Should I raise a ticket with Atlassian support for this?


Thanks again!

-Muel

Currently there is no

Currently JIRA does not provide any way to turn off LDAP conneciton pooling.

According to the Crowd documentation this is available in the Crowd server:

https://confluence.atlassian.com/display/CROWD/Configuring+the+LDAP+Connection+Pool

So in theory you should be able to connect JIRA to Crowd and Crowd to LDAP and turn off the pooling in the Crowd server. However, reading the Oracle docs and the Crowd source code, I am not sure if this will actually work ... please test first if you want to try this.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,314 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot