You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/06/15 16:18:02 UTC

[Bug 58037] New: LDAP module leaks connections when LDAPConnectionPoolTTL is zero

https://bz.apache.org/bugzilla/show_bug.cgi?id=58037

            Bug ID: 58037
           Summary: LDAP module leaks connections when
                    LDAPConnectionPoolTTL is zero
           Product: Apache httpd-2
           Version: 2.4.12
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: phelps@gnusto.com

My team uses apache for our Subversion server, and apache is configured to
authenticate users against an LDAP server.  After a recent upgrade from 2.2 to
2.4, we noticed that it would take longer and longer to check out a large
repository.  We currently have the LDAPConnectionPoolTTL set to 0 to work
around a separate issue, which turns out to be important.

I recently investigated and found that uldap_connection_find was taking more
and more time, and that the number of entries in st->connections was increasing
by one on each authentication request.  After stepping through the code with
gdb, I noticed that the calls to apr_thread_mutex_trylock always indicate that
they're busy.  Each call to the function traverses the entire list of
connections (twice) and finds each one locked.  It then creates and returns a
new entry.

Looking at uldap_connection_close, I see that the lock is released only if
ldc->keep is non-zero.  But that field will be set to zero if
st->connection_pool_ttl is zero, as it is in our configuration.  One way to fix
the problem would be to shift the unlock operation out of the else block, and
that does resolve the issue for us.  I'll attach a patch shortly.

It should be easy enough to reproduce this issue given access to an LDAP
server.  Simply configure httpd to not pool connections, and time how long it
takes to make a request that triggers the LDAP authentication.  Then make tens
of thousands of such requests and test again.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58037] LDAP module leaks connections when LDAPConnectionPoolTTL is zero

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58037

Ted Phelps <ph...@gnusto.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58037] LDAP module leaks connections when LDAPConnectionPoolTTL is zero

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58037

--- Comment #2 from Eric Covener <co...@gmail.com> ---
(In reply to Ted Phelps from comment #1)
> Created attachment 32823 [details]
> Proposed fix
> 
> I'm attaching a simple patch that causes uldap_connection_close to always
> unlock the newly-closed connection.  This resolves the issue we were seeing,
> and doesn't appear to introduce any new issues.

thanks, taking a look soon. Please followup if no activity

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58037] LDAP module leaks connections when LDAPConnectionPoolTTL is zero

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58037

Yann Ylavic <yl...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Yann Ylavic <yl...@gmail.com> ---
Backported to upcoming 2.4.15 in r1686275.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58037] LDAP module leaks connections when LDAPConnectionPoolTTL is zero

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58037

--- Comment #1 from Ted Phelps <ph...@gnusto.com> ---
Created attachment 32823
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32823&action=edit
Proposed fix

I'm attaching a simple patch that causes uldap_connection_close to always
unlock the newly-closed connection.  This resolves the issue we were seeing,
and doesn't appear to introduce any new issues.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org