Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11320

Docs for SERVER-33158: Logical Session refresh batches are too large

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.7.2, 3.6.3
    • None
    • None

    Description

      Documentation Request Summary:

      Usernames are capped at 10k bytes when used with logical sessions.

      Wired tiger indexes already imposed a 1024 byte limit for internally auth'd users, this limit applies to externally auth'd users (ldap, x509, etc)

      Scope of changes:

      • source/core/kerberos.txt
      • source/core/security-ldap.txt
      • source/core/security-x.509.txt
      • source/includes/apiargs-dbcommand-createUser-field.yaml since added to db.createUser
      • source/includes/extracts-create-users-base.yaml
      • source/includes/steps-configure-ldap-mongodb.yaml
      • source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml
      • source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml
      • source/reference/command/createUser.txt
      • source/reference/method/db.createUser.txt
      • source/tutorial/configure-x509-client-authentication.txt
      • source/tutorial/create-users.txt since added to extracts-create-users-base
      • source/reference/server-sessions.txt
      • source/reference/limits.txt

      + backport

      Impact to other docs outside of this product:

      none

      MVP:

      Resources:

      Engineering Ticket Description:

      The batches created by the LogicalSessionCache can exceed the 16mb bson size limit for bson on the wire. This will cause the refresh step to fail, preventing logical sessions from ever being synced to the global collection.

      This happens because we don't explicitly size our batches (we were relying on the write_cmd item batch limit, rather than a byte limit). Previously the write_cmd batch limit had been 1000 items, which allowed for 16k per record. The new limit is 100k, which gives a 160 byte budget we can exceed with very large user names (as we sync the lsid + the user@db name).

      By forcing a new 10k limit on username sizes used with logical sessions we can then ensure that a lower 1k limit will always be safe.

      Attachments

        Issue Links

          Activity

            People

              kay.kim@mongodb.com Kay Kim (Inactive)
              kay.kim@mongodb.com Kay Kim (Inactive)
              Kay Kim Kay Kim (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                4 years, 2 weeks ago