Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31893

Explicitly define timeout for synchronous LDAP calls

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.4.2
    • 3.4.15, 3.6.3, 3.7.2
    • Security
    • None
    • Minor Change
    • ALL
    • v3.6, v3.4
    • Platforms 2018-01-29

    Description

      Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT.

      Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, while apparently calls the async version under the hood, then calls ldap_result.

      The internal code sets the timeout to NULL which results in an indefinite timeout for the password verification connection, resulting in the session accumulation in the server.

      Attachments

        Activity

          People

            spencer.jackson@mongodb.com Spencer Jackson
            andrey.brindeyev@mongodb.com Andrey Brindeyev
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: