LDAP Outpost creates pending TCP connections #3995

@d-schiffner

Describe the bug
The FlowExecutor of the LDAP Server (in general, all Go programs using the FlowExecutor) creates an independent http.Transport, which is not cleaned up when going out of scope. As the client and server (for good reason!) keep the connections alive, there will be a lot of open connections when a large number of users are active.

To Reproduce

  1. Start a server and an LDAP
  2. Log in repeatedly via LDAP
  3. lsof / netstat -tu the connections

Expected behavior
The number of open connections should remain constant.

Screenshots

root@57c8f3423335:/# netstat -tu | grep gen-debug-authen
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:45864 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34224 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34470 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34482 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59992 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:43528 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59546 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:33444 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34210 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:56140 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:41062 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:39664 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53924 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:42548 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:51854 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:49390 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:45748 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:36216 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53754 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34644 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:36712 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:55782 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:50116 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:59264 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:44574 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:42950 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:50250 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34476 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:53286 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:37948 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:44176 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:34202 ESTABLISHED
tcp6       0      0 gen-debug-server-1:9000 gen-debug-authent:35448 ESTABLISHED

Logs

Version and Deployment (please complete the following information):

  • authentik version: 2022.10.1
  • Deployment: docker-compose

Additional context
An easy fix is to use the http.Client provided in the FlowExecutor via the refConfig passed in.

https://github.com/goauthentik/authentik/blob/main/internal/outpost/flow/executor.go#L53

I will also provide a PR.
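
The leak pattern described in this issue, as an added Go example that is neither authentik's code nor the reporter's: a local httptest server counts the connections still open after 20 sequential requests, first with a new http.Transport per request and then with one shared http.Client. The names openConns and perLoginTransport are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
)

// openConns performs n sequential requests against a local test server and
// returns how many TCP connections the server still holds open afterwards.
// newClient is called once per request, standing in for one executor per login.
func openConns(n int, newClient func() *http.Client) int {
	var mu sync.Mutex
	open := map[net.Conn]bool{}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	srv.Config.ConnState = func(c net.Conn, s http.ConnState) {
		mu.Lock()
		defer mu.Unlock()
		switch s {
		case http.StateNew:
			open[c] = true
		case http.StateClosed, http.StateHijacked:
			delete(open, c)
		}
	}
	srv.Start()
	defer srv.Close()
	for i := 0; i < n; i++ {
		resp, err := newClient().Get(srv.URL)
		if err != nil {
			panic(err)
		}
		io.Copy(io.Discard, resp.Body) // drain so the connection can be kept alive
		resp.Body.Close()
	}
	mu.Lock()
	defer mu.Unlock()
	return len(open)
}

// perLoginTransport builds a new Transport, and so a new idle-connection pool, per call.
func perLoginTransport() *http.Client { return &http.Client{Transport: &http.Transport{}} }

func main() {
	shared := &http.Client{Transport: &http.Transport{}} // one pool reused by every login
	fmt.Println("new transport per login:", openConns(20, perLoginTransport))
	fmt.Println("shared client:          ", openConns(20, func() *http.Client { return shared }))
}
```

Each discarded Transport keeps its idle keep-alive connection open because its read and write goroutines still reference it, so the per-login variant grows by one connection per request while the shared client stays at one.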

Labels: bug (Something isn't working)