Shib IdP v 4.2.1 + LDAP connections in Tomcat

Mak, Steven makst at
Mon Nov 7 15:28:52 UTC 2022

Hi all,

I wanted to ask the users list if I was doing something wrong.

We are currently using Shibboleth IdP v4.2.1, upgraded from v3 over the years.

We recently added an LDAP data connector using these non-default pool settings (everything else default):


So I've noticed with netstat that the number of ESTABLISHED LDAP connections on startup = 6 connections (not 3). And then every time the resolver reloads, it yields +6 more connections.

If I reload the resolver as a test, it will add 6 more LDAP connections for every reload and they don't go away. My production IdP stayed at 36 established LDAP connections for 10 days even during low load periods. The connections don't go away until I restart Tomcat.

I read through some older emails in here and Scott stated that UnboundID should not have these types of persistent LDAP connections. I don't think I've purposely disabled UnboundID.

I was curious if maybe this is something I need to fix in Tomcat or maybe at the OS.

Steve Mak