  1. Core Server
  2. SERVER-31893

Explicitly define timeout for synchronous LDAP calls


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.4.2
    • Fix Version/s: 3.4.15, 3.6.3, 3.7.2
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Backport Requested:
      v3.6, v3.4
    • Sprint:
      Platforms 2018-01-29

      Description

      Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT.

      Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, which apparently calls the async version under the hood, then calls ldap_result.

      The internal code sets the timeout to NULL, which results in an indefinite timeout for the password verification connection, resulting in session accumulation in the server.
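
The failure mode described above, modelled as an added example (not code from the server or from libldap): a synchronous wait built on `select()`, where a NULL timeout blocks forever against a silent peer and an explicit fallback bounds the wait. The function names and the socketpair "server" are hypothetical and constructed for illustration.

```c
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical stand-in for the wait inside a synchronous call built on an
 * async request: 1 = reply readable, 0 = timeout, -1 = error; NULL = forever. */
static int wait_for_reply(int fd, const struct timeval *timeout)
{
    fd_set rfds;
    struct timeval tv, *tvp = NULL;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    if (timeout != NULL) {          /* copy: select() may modify its argument */
        tv = *timeout;
        tvp = &tv;
    }
    return select(fd + 1, &rfds, NULL, NULL, tvp);
}

/* Bounded variant: a NULL timeout is replaced by an explicit fallback. */
static int wait_for_reply_bounded(int fd, const struct timeval *timeout,
                                  const struct timeval *fallback)
{
    return wait_for_reply(fd, timeout != NULL ? timeout : fallback);
}

/* Constructed scenario: a socketpair plays client (sv[0]) and directory
 * server (sv[1]); the server either replies or stays silent. */
static int demo(int server_replies, long fallback_ms)
{
    int sv[2], rc;
    struct timeval fb = { .tv_sec = fallback_ms / 1000,
                          .tv_usec = (fallback_ms % 1000) * 1000 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (server_replies && write(sv[1], "ok", 2) != 2)
        rc = -1;
    else
        rc = wait_for_reply_bounded(sv[0], NULL, &fb);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    return (demo(0, 200) == 0 && demo(1, 200) == 1) ? 0 : 1;
}
```

Calling `wait_for_reply(fd, NULL)` directly against the silent peer would never return, which is the per-connection hang that lets sessions pile up.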

            People

            Assignee:
            spencer.jackson Spencer Jackson
            Reporter:
            andrey.brindeyev Andrey Brindeev