LDAP Outpost creates pending TCP connections #3995

Closed
d-schiffner opened this issue Nov 13, 2022 · 1 comment · Fixed by #3996

@d-schiffner

Describe the bug
The FlowExecutor of the LDAP server (in general, all Go programs using the FlowExecutor) creates an independent http.Transport, which is not cleaned up when it goes out of scope. As the client and server (for good reason!) keep the connections alive, there will be a lot of open connections when a large number of users are active.

To Reproduce

  1. Start a server and an LDAP
  2. Login repeatedly via LDAP
  3. lsof / netstat -tu the connections

Expected behavior
The number of open connections should remain constant.

Screenshots

root@57c8f3423335:/# netstat -tu | grep gen-debug-authen
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:45864 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34224 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34470 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34482 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59992 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:43528 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59546 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:33444 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34210 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:56140 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:41062 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:39664 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53924 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:42548 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:51854 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:49390 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:45748 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:36216 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53754 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34644 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:36712 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:55782 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:50116 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59264 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:44574 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:42950 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:50250 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34476 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53286 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:37948 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:44176 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34202 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:35448 ESTABLISHED

Logs

Version and Deployment (please complete the following information):

  • authentik version: 2022.10.1
  • Deployment: docker-compose

Additional context
An easy fix is to use the http.Client provided in the FlowExecutor via the refConfig passed in.

https://github.com/goauthentik/authentik/blob/main/internal/outpost/flow/executor.go#L53

I will also provide a PR.

@d-schiffner d-schiffner added the bug Something isn't working label Nov 13, 2022
@d-schiffner

For further reading: golang/go#24739
