
Spring LDAP: Connection reset by peer

Tags: java, spring, ldap

I'm using the Spring LdapTemplate class to access LDAP. I'm using a pool of LDAP connections (PoolingContextSource class) to avoid creating connections all the time at runtime. However, I sometimes get this exception in my application:

javax.servlet.ServletException: org.springframework.ldap.CommunicationException: Connection reset; 
nested exception is javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; 
Remaining name: 'ou=memberlist,ou=mygroups,o=mycompany.com'

(...)

My LDAP classes are defined in the following XML:

<bean id="contextSource" class="com.ibm.tp4.spring.ldap.CustomPoolingContextSource">
  <property name="contextSource" ref="contextSourceTarget" />
  <property name="testWhileIdle" value="true" />
  <property name="minEvictableIdleTimeMillis" value="300000" />
  <property name="timeBetweenEvictionRunsMillis" value="10000"/>
  <property name="dirContextValidator">
    <bean class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />
  </property>
</bean>

<bean id="contextSourceTarget" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="${ldap.url}" />
  <property name="pooled" value="false" />
  <property name="anonymousReadOnly" value="true" />
</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
  <constructor-arg ref="contextSource" />
</bean>

<bean id="myLdapResolver" class="com.ibm.tp4.model.service.user.MyLdapResolver">
  <constructor-arg ref="ldapTemplate" />
  <property name="ldapUserSearchBase" value="${ldap.user.search_base}" />
  <property name="ldapUserEmailAddressField" value="${ldap.user.email_address}" />
  <property name="ldapAttributes" value="${ldap.user.attributes}" />
</bean>

Has anyone experienced this problem and can suggest a solution?

I thought about using the testOnReturn parameter in the pool properties instead of the connection evictor used right now. When I do, I get the following warning when I run my web application in the browser:

WARN [org.springframework.ldap.pool.validation.DefaultDirContextValidator] - 
DirContext 'javax.naming.ldap.InitialLdapContext@d150d15' failed validation with an 
exception.javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; 
Remaining name: ''

and soon after, I get this exception:

org.springframework.dao.DataAccessResourceFailureException: Failed to borrow DirContext from pool.; nested exception is java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed  
org.springframework.ldap.pool.factory.PoolingContextSource.getContext(PoolingContextSource.java:425)

Thanks in advance.

Alan Evangelista asked Sep 17 '12 18:09


1 Answer

It looks like the timeout definition is way too low. There is an official site from Oracle that will give you the possibility to figure out the source of the problem; very likely it's not "Spring", it's the Sun LDAP connector or your LDAP server. Lots of people are against providing links, but I simply can't copy this page. Maybe you can try the "raw" statement on their site to see if it occurs too. It will bring you a step closer to your solution (probably the LDAP timeout config).

http://docs.oracle.com/javase/tutorial/jndi/newstuff/readtimeout.html

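import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// JNDI environment for the LDAP provider
Hashtable<String, Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
// Read timeout in milliseconds, passed as a string
env.put("com.sun.jndi.ldap.read.timeout", "1000");
env.put(Context.PROVIDER_URL, "ldap://localhost:2001");

// Server is not defined in this snippet; it comes from the linked tutorial
Server s = new Server();

try {
    // start the server
    s.start();

    // Create initial context
    DirContext ctx = new InitialDirContext(env);
    System.out.println("LDAP Client: Connected to the Server");
    // ... (rest of the tutorial example elided)
} catch (NamingException e) {
    e.printStackTrace();
}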
Oliver answered Oct 22 '22 05:10
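The following is an added example, not code from the question or the answer: it rebuilds the question's bean graph in Java and passes the JNDI read timeout from the answer through Spring LDAP's `setBaseEnvironmentProperties`. Assumptions: the 5000 ms values, the connect-timeout property, the URL, and the validator base entry (`validationBase`) are illustrative; the page does not establish whether the validator's default empty search base is what triggers error code 53 on the asker's server.

```java
import java.util.HashMap;
import java.util.Map;
import javax.naming.directory.SearchControls;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.pool.factory.PoolingContextSource;
import org.springframework.ldap.pool.validation.DefaultDirContextValidator;

public class LdapPoolExample {

    /** Builds the question's bean graph in Java, with JNDI timeouts set on the target. */
    public static LdapTemplate buildTemplate(String ldapUrl, String validationBase) {
        // JNDI LDAP provider properties; values are milliseconds passed as strings.
        // 5000 is an example value (assumption), not a recommendation from the page.
        Map<String, Object> env = new HashMap<>();
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        LdapContextSource target = new LdapContextSource();
        target.setUrl(ldapUrl);
        target.setPooled(false);            // JNDI pooling off; Spring's pool is used instead
        target.setAnonymousReadOnly(true);
        target.setBaseEnvironmentProperties(env);
        target.afterPropertiesSet();        // required when not managed by a Spring container

        // Validation query: a base-object search on an entry anonymous users may read.
        // validationBase is an assumption; the default validator searches the empty base.
        DefaultDirContextValidator validator = new DefaultDirContextValidator(SearchControls.OBJECT_SCOPE);
        validator.setBase(validationBase);
        validator.setFilter("objectclass=*");

        PoolingContextSource pool = new PoolingContextSource();
        pool.setContextSource(target);
        pool.setDirContextValidator(validator);
        pool.setTestOnBorrow(true);         // validate before handing a context to the caller
        pool.setTestWhileIdle(true);        // same idle settings as the question's XML
        pool.setTimeBetweenEvictionRunsMillis(10000);
        pool.setMinEvictableIdleTimeMillis(300000);

        return new LdapTemplate(pool);
    }

    public static void main(String[] args) {
        // Constructed sample values; replace with your directory's URL and a readable entry.
        LdapTemplate template = buildTemplate("ldap://localhost:389", "o=mycompany.com");
        System.out.println("LdapTemplate ready: " + template);
    }
}
```

With `testOnBorrow` enabled, a context that fails the validation search is discarded before a caller receives it.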