There is still one bug with the fix :
In step 1, the "hasMore" is not called after the "next" is called, so the naming enumeration is not automatically closed.
Here is the complete fix :
 SearchResult result = (SearchResult) namingEnumeration.next();
 userDN = (String) result.getName();
With the complete fix, maximum 10 LDAP connections are simultaneously in "ESTABLISHED" state (in netstat) with 10 concurrent users, instead of hundreds.
Beware that there are still cases (although I cannot give an practical example) where a NamingException might be thrown by "next" or "hasMore", in which case the naming enumeration would not be read up to the end.