LdapConnection with TLS hangs server (threading issue?)

  • Question

  • User906119300 posted

    Hi, if my LdapConnection code starts TLS twice (same moment, same process), then the server CPU goes to 100%, and the code hangs in Bind() and StartTransportLayerSecurity().

    The code itself and the configuration (ports, permissions, certificates, etc.) seem OK. One call at a time succeeds. Bind() with correct credentials works fine.

    I have reproduced the problem in a small asp.net page below. To reproduce, you need a working LDAP server with TLS enabled and a correct certificate, then:

    • Set up an LdapConnection to an ldap server.
    • In the credentials, supply an existing user but a wrong password. If the password is correct, then the Bind() will return in 15ms and it is hard to fire two pages at exactly the same time. If the password is wrong, Bind() takes 3 seconds.
    • Set up TLS with StartTransportLayerSecurity(), call Bind()
    • From two different browsers, try the test page one at a time. It should return a nice error message about Invalid Credentials.
    • Now refresh both browsers within 3 seconds of each other. Your server will hang. Do iisreset to continue.

    Can anyone confirm if this is a known issue - or if I am doing something wrong here? Thanks for any help,

      

    <%@ Page language="c#" AutoEventWireup="false" Inherits="System.Web.UI.Page" %>
    <%@ Import Namespace="System.Net" %>
    <%@ Import Namespace="System.DirectoryServices.Protocols" %>
    <%@ Assembly Name="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"%>
    
    <%  
        try
        {
            NetworkCredential auth = new NetworkCredential("cn=casper,ou=staff,o=MYORG", "wrongpassword");
            LdapDirectoryIdentifier dir = new LdapDirectoryIdentifier("NDS01.myorg.net", true, false);
            using (LdapConnection conn = new LdapConnection(dir, auth, AuthType.Basic))
            {
                conn.SessionOptions.ProtocolVersion = 3;
                conn.SessionOptions.StartTransportLayerSecurity(null); // second call hangs here
                try
                {
                    conn.Bind(auth); // first call hangs here
                }
                catch (Exception e)
                {
                    Response.Write("Bind fails: " + e.ToString());
                }
                conn.SessionOptions.StopTransportLayerSecurity();
            }
            Response.Write("Done");
        }
        catch (Exception e)
        {
            Response.Write("Exception: " + e.ToString());
        }
    %>
    
    
     

    Casper

    Thursday, November 27, 2008 9:59 AM

All replies

  • User1352733310 posted

    Did you ever figure this out? I am having this same issue.

    Wednesday, October 16, 2013 9:18 AM
  • User1726044602 posted

    We were experiencing the same issue. We have implemented some kind of synchronization (via MutexSemaphore class) to avoid this situation. Everything is working now.

    Wednesday, September 10, 2014 7:14 AM
  • User-984985703 posted

    Hi, 

    I am having this same issue. I tried to add a lock but it still hung. Any ideas?

    lock (m_connectionLock)
    {
    	connection.SessionOptions.StartTransportLayerSecurity(null);
    	connection.Bind();
    }

    Thanks,
    Victor

    Tuesday, March 31, 2020 8:09 AM
  • User-678016013 posted

    We are having the same issue as well. I put synchronization around ANY LDAP operation and it seems to be fine at the moment. It appears the underlying library (which I think is a native C library) is NOT thread safe. Might have to implement out-of-process instances to actually have a functioning LDAP pool...

    Monday, April 6, 2020 3:13 PM
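
An added example, not code from any poster in this thread: one way to put every LDAP operation behind a single process-wide lock, the approach the last reply describes. The class and method names are hypothetical, and it assumes (per the replies above, not verified here) that serializing access avoids the hang.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper (not from the thread): every LDAP call goes through
// one static gate, so no two threads in this AppDomain are inside the
// LDAP client library at the same time.
public static class SerializedLdap
{
    // static: shared by all requests and all callers in the AppDomain.
    // Separate lock objects (one per page instance or per connection)
    // would not exclude two concurrent requests from each other.
    private static readonly object Gate = new object();

    // Returns true if the bind succeeded, false if the server answered
    // with LDAP result code 49 (invalid credentials). Other errors propagate.
    public static bool TryBind(string server, string userDn, string password)
    {
        var id = new LdapDirectoryIdentifier(server, true, false);
        var cred = new NetworkCredential(userDn, password);

        lock (Gate)
        {
            // Construction, StartTLS, Bind, StopTLS and Dispose all stay
            // inside the lock, not only the StartTLS/Bind pair.
            using (var conn = new LdapConnection(id, cred, AuthType.Basic))
            {
                conn.SessionOptions.ProtocolVersion = 3;
                conn.SessionOptions.StartTransportLayerSecurity(null);
                try
                {
                    conn.Bind();
                    return true;
                }
                catch (LdapException e) when (e.ErrorCode == 49)
                {
                    return false;
                }
                finally
                {
                    // Runs only if StartTLS succeeded, since StartTLS is outside the try.
                    conn.SessionOptions.StopTransportLayerSecurity();
                }
            }
        }
    }
}
```

With this gate, a bind that takes 3 seconds on a wrong password blocks every other LDAP call for those 3 seconds, so failed logins become a throughput limit for the whole application.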