- Type: Task
- Resolution: Done
- Priority: Critical - P2
- Affects Version/s: None
The docs for ldapUserCacheStalenessInterval state that "if more than ldapUserCacheStalenessInterval seconds elapse without a successful refresh of the user information from the LDAP server, then mongod:
1. Invalidates the cached LDAP user information
2. Is unavailable for LDAP users. LDAP users are unable to authenticate until mongod contacts the LDAP server"
After this change, we should change the second bullet point to the following:
2. Unauthenticated connections are unable to authenticate as LDAP users until mongod contacts the LDAP server. However, connections previously authenticated as LDAP users remain authorized with mongod's last-known privileges from the LDAP server until it is able to contact the LDAP server and start refreshing up-to-date information again.
Description of Linked Ticket
Connections which have already been authenticated as LDAP users should remain authenticated and capable of issuing operations with their last-known privileges during LDAP server downtime, provided that the privileges are updated as soon as the LDAP server comes back up.
- documents: SERVER-77005 Leave LDAP users logged-in during LDAP downtime (Closed)
- is duplicated by: DOCS-16204 [BACKPORT] [v7.0] Leave LDAP users logged-in during LDAP downtime (Closed)