[SERVER-34260] Ability to reuse a single TCP connection from mongod to the LDAP server - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.9, 4.1.8
Component/s: Networking, Security
Labels:
- platforms_security

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.0, v3.6
Sprint:
Security 2018-12-17, Security 2018-12-31, Security 2019-01-14, Security 2019-01-28
Case:

Description

When enabling LDAP in the typical setting, mongod process is using the three separate TCP connections to the LDAP server(s) for every db.auth() command:
1. One (or more) connections for the sections in the security.ldap.userToDNMapping option with the ldapQuery predicates
2. A single connection to authenticate the user by using the bind operation
3. A single connection to obtain the list of groups for authorization.

I am wondering if we could create a single TCP connection during the step 1 or 2 and reuse it for the next steps without reestablishing connection every time for the particular thread (==session) in the server?

Attachments

Issue Links

is documented by

DOCS-12401 Docs for SERVER-34260: Ability to reuse a single TCP connection from mongod to the LDAP server

Closed

is duplicated by

SERVER-38885 Log LDAP thread safety warning only once.

Closed

is related to

SERVER-37193 Implement connection pooling for the LDAP servers

Closed

SERVER-33852 libldap is not threadsafe with NSS

Closed

related to

DOCS-12337 Docs for SERVER-33852: libldap is not threadsafe with NSS

In Progress

SERVER-35010 LDAP failover/failback selection is suboptimal

Closed

(1 related to)

Activity

People

Assignee:: Jonathan Reams

Reporter:: Andrey Brindeyev

Participants:: Andrey Brindeyev, Githook User, Jonathan Reams

Votes:: 3 Vote for this issue

Watchers:: 142 Start watching this issue

Dates

Created:: Mar 30 2018 03:56:10 PM UTC

Updated:: Apr 07 2020 07:19:11 AM UTC

Resolved:: Jan 23 2019 10:18:42 PM UTC