LDAP connections remain

Added by Tsugeharu AKAI 2 months ago

In my company, we use Redmine with LDAP authentication.
However, there is a severe problem.
The LDAP authentication is successful.
But the LDAP connections used for authentication continue to remain and exceed the max connection count on LDAP server.
Eventually, it will not be able to authenticate any more.

I've invastigated it for a couple of days and now it seems that the cause is that LDAP "unbind" method is not called before the LDAP connection is closed.

The follling is Open LDAP server' log when I make a test connection on ldap_auth_test.png

test-ldap       | 5eb88b88 conn=1018 fd=12 ACCEPT from IP=172.18.0.4:39026 (IP=0.0.0.0:389)
test-ldap       | 5eb88b88 conn=1018 op=0 BIND dn="cn=admin,dc=ldap,dc=test" method=128
test-ldap       | 5eb88b88 conn=1018 op=0 BIND dn="cn=admin,dc=ldap,dc=test" mech=SIMPLE ssf=0
test-ldap       | 5eb88b88 conn=1018 op=0 RESULT tag=97 err=0 text=                             
test-ldap       | 5eb88b88 conn=1018 fd=12 closed (connection lost)                             : UNBIND method should be called before here?
test-ldap       | 5eb88b88 conn=1019 fd=12 ACCEPT from IP=172.18.0.4:39028 (IP=0.0.0.0:389)
test-ldap       | 5eb88b88 conn=1019 op=0 BIND dn="cn=admin,dc=ldap,dc=test" method=128
test-ldap       | 5eb88b88 conn=1019 op=0 BIND dn="cn=admin,dc=ldap,dc=test" mech=SIMPLE ssf=0
test-ldap       | 5eb88b88 conn=1019 op=0 RESULT tag=97 err=0 text=
test-redmine    | 192.168.1.20 - - [11/May/2020:08:17:28 JST] "GET /auth_sources/1/test_connection HTTP/1.1" 302 98
test-redmine    | http://192.168.1.15/auth_sources -> /auth_sources/1/test_connection
test-ldap       | 5eb88b88 conn=1019 fd=12 closed (connection lost)
test-redmine    | 192.168.1.20 - - [11/May/2020:08:17:28 JST] "GET /auth_sources HTTP/1.1" 200 6815
test-redmine    | http://192.168.1.15/auth_sources -> /auth_sources

The log shows that UNBIND method is not called before connection closed.

Are there any solutions?
I don't know what to do anymore.Please help.

BTW, I'm using official docker image as follows:

image: redmine:4.1

Environment:
  Redmine version                4.1.1.stable
  Ruby version                   2.6.6-p146 (2020-03-31) [x86_64-linux]
  Rails version                  5.2.4.2
  Environment                    production
  Database adapter               PostgreSQL
  Mailer queue                   ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                smtp

ldap_auth_test.png - ldaptestconnection (86.5 KB)