Run all LDAP operations in thread pool

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.3.1
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • Security 2019-07-29, Security 2019-08-12, Security 2019-08-26
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      We've found that LDAP operations can hang if establishing a new LDAP connection needs to perform side-channel operations - such as GSSAPI auth for the LDAP lookup user - that don't respect the LDAP timeout values. Since we introduced a thread pool for doing LDAP connection pooling, we should just run all LDAP operations inside that thread pool so we can abandon long-running operations and return a quick and reliable error to the user on failure rather than hanging for forever.

              Assignee:
              Jonathan Reams
              Reporter:
              Jonathan Reams
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: