Spring Security When exception occurred connection is not properly closed in Spring Security ldap

Describe the bug In authentication process(using BindAuthenticator.class & FilterBasedLdapUserSearch.class), when search for user throws an naming exception such as "Read-timeout", ldap context is not closed properly and this sometimes results in program hanging.

To Reproduce Steps to reproduce the behavior. 1. Authenticate the user using BindAuthenticator.authenticate method with OPENLDAP server 2. Search for user results in read time-out exception

Expected behavior When search for user results in exception, BindAuthenticator.authenticate() method should capture the exception and close the connection used properly.

Comment From: jzheaux

Thanks for the report, @ranjaniD21, let's take a look.

As far as I can tell, the context - and, by association, the connection - is closed in both the classes you referred to.

In BindAuthenticator, the context is closed in a finally block.

As for FilterBasedLdapUserSearch, it doesn't manage the connection itself, but delegates that to LdapTemplate, which also closes the context in a finally block.

A sample application or test that reproduces the issue would be helpful. Would you be able to provide that?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.