number of ldap connections

We've configured our JIRA instance with an internal user directory with ldap authentication (Delegated Authentication Directory) In front of our JIRA server, there's some network security infrastructure which handles the authentication for all our webbased applications (with single-signon) by asking the user credentials through a webbased form the first time a users enters the application. From that moment an "authorization" http header is added to the request when forwarded to the JIRA server. We noticed that when we access JIRA through this system, for instance going to the dashboard, generates a lot of TCP connections to our ldap server, and this for every request even when we are already logged in. Going to one dashboard with 14 gadgets generates 60 TCP connections from the JIRA server to LDAP. When we bypass that authentication system and go directly to the JIRA server and log in by in JIRA, we don't see those connections appear. I've found similar behaviour posted in the bug report : https://jira.atlassian.com/browse/JRA-28714, but this is with an Apache server running in front of JIRA. The questions are : - What's the reason for these extra ldap connections, although we're already logged in (there is a jsessionid) - Is it possible to configure connection pooling for an internal user directory with ldap authentication - Those ldap connections appear to be very fast and only used for a very short time, but on the JIRA server we see a lot of these TCP connections going into a TCP status "TIME_WAIT" and remains there for 4 minutes until these TCP sockets are back available (default Windows 2008 R2 server timeout). Is this normal behaviour?

1 answer

This widget could not be displayed.

Some extra info : the infrastructure that is in front of JIRA is :

  • "Access Manager" (AM) a reverse proxy with single-signon capabilities. This system will ask an end-user to authenticatie (form-based, basic authentication) when he wants to access http://www.securex.eu/<application>. The end-user only has to login in once, a session will be created and authorization http header is added to the requests when sent to the backend server.
  • "Application Security Manager" (ASM) : for url filtering (security) and forwarding to the backend server in our case JIRA.
    Both systems are part of the F5 BIGIP product suite.

Schematic : internet or internal network -> AM -> ASM -> JIRA


There is no special configuration in JIRA concerning the SSO. In JIRA A generic user directory server is configured to the same ldap server that is used by the AM.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

283 views 1 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you