  1. Core Server
  2. SERVER-31893

Explicitly define timeout for synchronous LDAP calls

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.4.15, 3.6.3, 3.7.2
    • Affects Version/s: 3.4.2
    • Component/s: Security
    • None
    • Minor Change
    • ALL
    • v3.6, v3.4
    • Platforms 2018-01-29

      Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT.

      Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, which apparently calls the async version under the hood, then calls ldap_result.

      The internal code sets the timeout to NULL, which results in an indefinite timeout for the password verification connection, resulting in session accumulation in the server.

            spencer.jackson@mongodb.com Spencer Jackson
            andrey.brindeyev@mongodb.com Andrey Brindeyev
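
The failure mode described in this issue, as an added example that is not MongoDB's or libldap's code: a synchronous call that waits on an asynchronous reply blocks forever when its timeout pointer is NULL and the peer stays silent, and returns promptly once a default bound is substituted. It models the wait with POSIX select() on a socketpair rather than calling libldap; wait_for_reply, bind_sync and run_case are hypothetical names.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical stand-in for "wait for the server's reply".
 * As with select(), a NULL timeout means wait indefinitely.
 * Returns 1 if a reply is readable, 0 on timeout, -1 on error. */
static int wait_for_reply(int fd, const struct timeval *timeout) {
    fd_set rfds;
    struct timeval tv, *tvp = NULL;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    if (timeout != NULL) { tv = *timeout; tvp = &tv; } /* select may modify tv */
    int rc = select(fd + 1, &rfds, NULL, NULL, tvp);
    return rc < 0 ? -1 : (rc > 0 ? 1 : 0);
}

/* Synchronous wrapper with an explicit bound: a caller-supplied timeout
 * wins, otherwise a configured default is used instead of NULL. */
static int bind_sync(int fd, const struct timeval *caller, long default_ms) {
    struct timeval def = { default_ms / 1000, (default_ms % 1000) * 1000 };
    return wait_for_reply(fd, caller != NULL ? caller : &def);
}

/* Constructed scenario: the peer either never answers or answers at once.
 * Returns bind_sync's result and stores the elapsed wall time in ms. */
static int run_case(int peer_replies, long default_ms, long *elapsed_ms) {
    int sv[2];
    struct timeval t0, t1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (peer_replies && write(sv[1], "ok", 2) != 2) return -1;
    gettimeofday(&t0, NULL);
    int rc = bind_sync(sv[0], NULL, default_ms);
    gettimeofday(&t1, NULL);
    *elapsed_ms = ((t1.tv_sec - t0.tv_sec) * 1000000L
                   + (t1.tv_usec - t0.tv_usec)) / 1000;
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void) {
    long ms = 0;
    int rc = run_case(0, 200, &ms);
    printf("silent peer:   rc=%d after %ld ms\n", rc, ms);
    rc = run_case(1, 200, &ms);
    printf("replying peer: rc=%d after %ld ms\n", rc, ms);
    return 0;
}
```

Calling wait_for_reply with a NULL timeout against the silent peer never returns, which is the behaviour that leaves sessions accumulating.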