-
Type: Improvement
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Fully Compatible
-
Security 2019-07-29, Security 2019-08-12, Security 2019-08-26
We've found that LDAP operations can hang if establishing a new LDAP connection needs to perform side-channel operations - such as GSSAPI auth for the LDAP lookup user - that don't respect the LDAP timeout values. Since we introduced a thread pool for doing LDAP connection pooling, we should just run all LDAP operations inside that thread pool so we can abandon long-running operations and return a quick and reliable error to the user on failure rather than hanging for forever.