Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-35010

LDAP failover/failback selection is suboptimal

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Gone away
    • Icon: Major - P3 Major - P3
    • None
    • 3.6.3
    • Networking, Security
    • None
    • Server Security

    Description

      Undesirable behaviour has been observed with respect to LDAP server failover and failback.  The reproduction case indicates that one of the failure modes leads to undesirable behaviour and is fairly suboptimal.

      I suggest this stems from the root issue that the mongod has no notion of LDAP server availability.  There is no keepalive or heartbeat, nor any reasonable attempt to load balance requests across multiple LDAP servers as the primary server is overwhelmingly preferred (even in the event of failure).

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            luke.prochazka@mongodb.com Luke Prochazka
            Votes:
            9 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: