[SERVER-31893] Explicitly define timeout for synchronous LDAP calls - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 3.4.2
Fix Version/s: 3.4.15, 3.6.3, 3.7.2
Component/s: Security
Labels:
None

Backwards Compatibility:
Minor Change
Operating System:
ALL
Backport Requested:

v3.6, v3.4
Sprint:
Platforms 2018-01-29

Description

Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT.

Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, while apparently calls the async version under the hood, then calls ldap_result.

The internal code sets the timeout to NULL which results in an indefinite timeout for the password verification connection, resulting in the session accumulation in the server.

Attachments

Activity

People

Assignee:: Spencer Jackson

Reporter:: Andrey Brindeyev

Participants:: Andrey Brindeyev, Githook User, Spencer Jackson

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Nov 09 2017 04:31:32 PM UTC

Updated:: Apr 02 2018 10:06:54 PM UTC

Resolved:: Jan 17 2018 11:11:48 PM UTC