Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-35010

LDAP failover/failback selection is suboptimal

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Gone away
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.6.3
    • Component/s: Networking, Security
    • None
    • Server Security

      Undesirable behaviour has been observed with respect to LDAP server failover and failback.  The reproduction case indicates that one of the failure modes leads to undesirable behaviour and is fairly suboptimal.

      I suggest this stems from the root issue that the mongod has no notion of LDAP server availability.  There is no keepalive or heartbeat, nor any reasonable attempt to load balance requests across multiple LDAP servers as the primary server is overwhelmingly preferred (even in the event of failure).

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            luke.prochazka@mongodb.com Luke Prochazka
            Votes:
            9 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: