Major - P3
This adds a connection pool to manage LDAP connections used for LDAP authn/authz. In 4.2 it is on by default if mongod is linked to the thread-safe version of openldap on Linux, and always enabled on Windows. There is also a set parameter to disable it.
Engineering Ticket Description:
When enabling LDAP in the typical setting, mongod process is using the three separate TCP connections to the LDAP server(s) for every db.auth() command:
1. One (or more) connections for the sections in the security.ldap.userToDNMapping option with the ldapQuery predicates
2. A single connection to authenticate the user by using the bind operation
3. A single connection to obtain the list of groups for authorization.
I am wondering if we could create a single TCP connection during the step 1 or 2 and reuse it for the next steps without reestablishing connection every time for the particular thread (==session) in the server?
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
SERVER-34260 Ability to reuse a single TCP connection from mongod to the LDAP server
- related to
DOCS-12337 Docs for SERVER-33852: libldap is not threadsafe with NSS
- In Progress