[SERVER-40930] Run all LDAP operations in thread pool - MongoDB

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.3.1
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Epic Link:
Security FY2020Q2 Quick Wins
Sprint:
Security 2019-07-29, Security 2019-08-12, Security 2019-08-26

Description

We've found that LDAP operations can hang if establishing a new LDAP connection needs to perform side-channel operations - such as GSSAPI auth for the LDAP lookup user - that don't respect the LDAP timeout values. Since we introduced a thread pool for doing LDAP connection pooling, we should just run all LDAP operations inside that thread pool so we can abandon long-running operations and return a quick and reliable error to the user on failure rather than hanging for forever.

Attachments

Activity

People

Assignee:: Jonathan Reams

Reporter:: Jonathan Reams

Participants:: Githook User, Jonathan Reams

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: May 01 2019 04:22:03 PM UTC

Updated:: Aug 13 2019 07:55:01 PM UTC

Resolved:: Aug 13 2019 07:55:01 PM UTC