JDK-8217606

LdapContext#reconnect always opens a new connection

Details

    • b10
    • generic
    • generic
    • Verified

      Description

        ADDITIONAL SYSTEM INFORMATION :
        Behavior should be the same for all OS versions.

        A DESCRIPTION OF THE PROBLEM :
        The LdapContext#reconnect method allows LDAP clients to initiate an LDAP bind operation on the existing connection. Invoking this method should not open a new connection under those circumstances.

        The change in this commit: https://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/021b47694183
        adds a reconnect flag that does not discriminate, causing a new connection to be opened even in the case of performing a bind.

        I believe further analysis will show that the previous open connection is also orphaned; that is, it does not get properly torn down.

        REGRESSION : Last worked in version 8u191

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        You will need an LDAP server and an entry on that server with ACLs that allow you to bind as that entry.
        Compile and execute the supplied source code, providing (3) command line arguments:
        1) the URL for the LDAP server
        2) the DN of the entry to bind as
        3) the password for the DN

        From a command line execute:
        java JndiReconnectBug ldap://my.ldap-server.domain 'uid=test,ou=account,dc=org,dc=domain' 'password'

        During the first sleep, examine the open connections from your host to the directory.
        (netstat is a common tool for this)
        During the second sleep, examine the open connections again.


        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

        During the second sleep you will see the same connection that has performed an LDAP bind operation.

        ACTUAL -
        During the first sleep you will see the open connection created by instantiating the InitialLdapContext.

        During the second sleep you will see the original connection and a new connection created by the call to reconnect.

        ---------- BEGIN SOURCE ----------
        import java.nio.charset.StandardCharsets;
        import java.util.Hashtable;
        import javax.naming.ldap.InitialLdapContext;

        public final class JndiReconnectBug
        {
          public static void main(String[] args) throws Exception {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.ldap.version", "3");
            env.put("java.naming.provider.url", args[0]);

            // open connection
            InitialLdapContext context = new InitialLdapContext(env, null);
            System.out.println("Check open connections");
            Thread.sleep(10000);

            // send bind request
            context.addToEnvironment("java.naming.security.authentication", "simple");
            context.addToEnvironment("java.naming.security.principal", args[1]);
            context.addToEnvironment("java.naming.security.credentials", args[2].getBytes(StandardCharsets.UTF_8));
            context.reconnect(null);
            System.out.println("Check open connections");
            Thread.sleep(10000);
          }
        }

        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        No workaround found.


        FREQUENCY : always
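The netstat comparison in the reproduction steps can be scripted. The following is an added example, not part of the original report: it parses two snapshots of Linux `/proc/net/tcp` (one per sleep) and reports which connections to the directory server were opened, kept, or closed in between. It assumes IPv4 on a little-endian host; the snapshots, addresses and ports are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

ESTABLISHED = "01"  # TCP state code as printed in /proc/net/tcp

def parse_endpoint(field):
    """Decode 'HHHHHHHH:PPPP' from /proc/net/tcp into (dotted_ip, port)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: little-endian host, so the address word is byte-swapped.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def established_to(snapshot, server_ip, server_port):
    """Local ports holding an ESTABLISHED connection to the server."""
    ports = set()
    for line in snapshot.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != ESTABLISHED:
            continue  # ignore LISTEN, TIME_WAIT, malformed rows
        if parse_endpoint(cols[2]) == (server_ip, server_port):
            ports.add(parse_endpoint(cols[1])[1])
    return ports

def compare(before, after, server_ip, server_port):
    """Diff the two sleeps: a fixed JDK shows 'opened' empty and one 'kept'."""
    first = established_to(before, server_ip, server_port)
    second = established_to(after, server_ip, server_port)
    return {"opened": second - first, "kept": first & second,
            "closed": first - second}

HEADER = "  sl  local_address rem_address   st tx_queue rx_queue\n"
# Constructed snapshots: client 192.0.2.5, LDAP server 192.0.2.10:389.
FIRST_SLEEP = HEADER + (
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000\n"
    "   1: 050200C0:C350 0A0200C0:0185 01 00000000:00000000\n"
)
SECOND_SLEEP = HEADER + (
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000\n"
    "   1: 050200C0:C350 0A0200C0:0185 01 00000000:00000000\n"
    "   2: 050200C0:C352 0A0200C0:0185 01 00000000:00000000\n"
)

if __name__ == "__main__":
    # Affected behaviour: the original socket is kept and a second one opened.
    print(compare(FIRST_SLEEP, SECOND_SLEEP, "192.0.2.10", 389))
```

On a live host, read `/proc/net/tcp` during each sleep and pass the two strings to `compare`; the result covers every process on the host that talks to that server, not only the reproducer.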


              People

                prappo Pavel Rappo
                webbuggrp Webbug Group