From 00327706b0c00019ecc7b221c68cb6fdc14a9c27 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 22 Jan 2020 21:57:06 -0800 Subject: [PATCH] GUACAMOLE-936: Each LdapNetworkConnection must be closed or threads are leaked, causing Tomcat to fail to shutdown. --- .../ldap/AuthenticationProviderService.java | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 9004c132b..a9f39cf7f 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -204,18 +204,26 @@ public class AuthenticationProviderService { // Attempt bind LdapNetworkConnection ldapConnection = ldapService.bindAs(bindDn, password); - - // Retrieve group membership of the user that just authenticated - Set effectiveGroups = - userGroupService.getParentUserGroupIdentifiers(ldapConnection, - bindDn); + try { - // Return AuthenticatedUser if bind succeeds - LDAPAuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); - authenticatedUser.init(credentials, getAttributeTokens(ldapConnection, - bindDn), effectiveGroups, bindDn); - - return authenticatedUser; + // Retrieve group membership of the user that just authenticated + Set effectiveGroups = + userGroupService.getParentUserGroupIdentifiers(ldapConnection, + bindDn); + + // Return AuthenticatedUser if bind succeeds + LDAPAuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); + authenticatedUser.init(credentials, getAttributeTokens(ldapConnection, + bindDn), effectiveGroups, bindDn); + + return authenticatedUser; + + } + + // Always disconnect + finally { + ldapService.disconnect(ldapConnection); + } }