Java LDAP graceful disconnect

Question

Currently from java I am connecting to LDAP with the following code, very typical example:

    Hashtable<String, String> env = new Hashtable<String, String>();

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, user);
    env.put(Context.SECURITY_CREDENTIALS, password);

    LdapContext ctx = null;

    try
    {
        ctx = new InitialLdapContext(env, null);
        return true;
    }
    catch (NamingException ex)
    {
        return false;
    }
    finally
    {
        if (ctx != null)
        {
            try {
                ctx.close();
            } catch (NamingException e) {
                log.warn(e.getMessage());
            }
        }
    }

This works in terms of authenticating the user. However the LDAP administrator is telling me that I am not disconnecting gracefully when the bind is not successful. The error on the LDAP side is (e.g.):

[24/Jan/2013:13:20:44 -0500] conn=249 op=-1 msgId=-1 - closing from [ipaddress]:44724 - A1 - Client aborted connection -

He also says when it is a successful authentication, the disconnection is graceful. I guess this is because I do the ctx.close() in that situation.

However, when authentication fails, there's actually an exception thrown from the new InitialLdapContext(env, null) line. Therefore no context is returned, and no close is called on any context.

Is there some way to retrieve some kind of connection object, before attempting the authentication, so that I can close it afterwards whether or not auth was successful?

Answer 1

Why does he care between a graceful and non-graceful close? Clearly your close is being executed in the only relevant case: the case where you succeeded. In the other case there is nothing to close, so nothing you can call. The JNDI LDAP provider closes it in the other case, and clearly it is that which is doing the abortive close. This is all under the hood in the JNDI LDAP provider. Nothing you can do about it. I suggest he find something else to worry about that's actually important.

Answer 2

Searching LDAP normally returns

NamingEnumeration<SearchResult> results

which you also need to close():

} finally {
            if(results != null) {
                try {
                    results.close();
                } catch (NamingException e) {
                    LOG.error("Error closing LDAP results", e);
                }
            }