number of ldap connections

We've configured our JIRA instance with an internal user directory with ldap authentication (Delegated Authentication Directory) In front of our JIRA server, there's some network security infrastructure which handles the authentication for all our webbased applications (with single-signon) by asking the user credentials through a webbased form the first time a users enters the application. From that moment an "authorization" http header is added to the request when forwarded to the JIRA server. We noticed that when we access JIRA through this system, for instance going to the dashboard, generates a lot of TCP connections to our ldap server, and this for every request even when we are already logged in. Going to one dashboard with 14 gadgets generates 60 TCP connections from the JIRA server to LDAP. When we bypass that authentication system and go directly to the JIRA server and log in by in JIRA, we don't see those connections appear. I've found similar behaviour posted in the bug report :, but this is with an Apache server running in front of JIRA. The questions are : - What's the reason for these extra ldap connections, although we're already logged in (there is a jsessionid) - Is it possible to configure connection pooling for an internal user directory with ldap authentication - Those ldap connections appear to be very fast and only used for a very short time, but on the JIRA server we see a lot of these TCP connections going into a TCP status "TIME_WAIT" and remains there for 4 minutes until these TCP sockets are back available (default Windows 2008 R2 server timeout). Is this normal behaviour?

1 answer

Some extra info : the infrastructure that is in front of JIRA is :

  • "Access Manager" (AM) a reverse proxy with single-signon capabilities. This system will ask an end-user to authenticatie (form-based, basic authentication) when he wants to access<application>. The end-user only has to login in once, a session will be created and authorization http header is added to the requests when sent to the backend server.
  • "Application Security Manager" (ASM) : for url filtering (security) and forwarding to the backend server in our case JIRA.
    Both systems are part of the F5 BIGIP product suite.

Schematic : internet or internal network -> AM -> ASM -> JIRA

There is no special configuration in JIRA concerning the SSO. In JIRA A generic user directory server is configured to the same ldap server that is used by the AM.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,711 views 17 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you