Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-35010

LDAP failover/failback selection is suboptimal

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Gone away
    • 3.6.3
    • None
    • Networking, Security
    • None
    • Security

    Description

      Undesirable behaviour has been observed with respect to LDAP server failover and failback.  The reproduction case indicates that one of the failure modes leads to undesirable behaviour and is fairly suboptimal.

      I suggest this stems from the root issue that the mongod has no notion of LDAP server availability.  There is no keepalive or heartbeat, nor any reasonable attempt to load balance requests across multiple LDAP servers as the primary server is overwhelmingly preferred (even in the event of failure).

      Attachments

        Issue Links

          Activity

            People

              backlog-server-security Backlog - Security Team
              luke.prochazka@mongodb.com Luke Prochazka
              Votes:
              9 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: