[SERVER-43763] Figure out if global LDAP synchronization can be disabled when libldap is built with OpenSSL. - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.2.4, 4.3.2, 4.0.18
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.2, v4.0
Sprint:
Security 2019-11-04, Security 2019-11-18, Security 2019-12-02
Case:

Description

RHEL7.5 ships a libldap backed by OpenSSL instead of NSS. This may mitigate the concurrency issues which drove us to libldap_r. This suggests that libldap.so may be viable again. However, it may not advertise the thread safety flags which we rely upon to enable or disable global synchronization around libldap calls.

We should investigate whether we can dynamically detect the underlying TLS implementation underneath libldap, and use that information to toggle synchronization.

Attachments

Activity

People

Assignee:: Mark Benvenuto

Reporter:: Spencer Jackson

Participants:: Githook User, Mark Benvenuto, Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: Oct 02 2019 04:01:38 PM UTC

Updated:: Jan 06 2022 06:34:29 AM UTC

Resolved:: Nov 19 2019 07:33:28 PM UTC