Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-43763

Figure out if global LDAP synchronization can be disabled when libldap is built with OpenSSL.

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.4, 4.3.2, 4.0.18
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.2, v4.0
    • Sprint:
      Security 2019-11-04, Security 2019-11-18, Security 2019-12-02
    • Case:

      Description

      RHEL7.5 ships a libldap backed by OpenSSL instead of NSS. This may mitigate the concurrency issues which drove us to libldap_r. This suggests that libldap.so may be viable again. However, it may not advertise the thread safety flags which we rely upon to enable or disable global synchronization around libldap calls.

      We should investigate whether we can dynamically detect the underlying TLS implementation underneath libldap, and use that information to toggle synchronization.

        Attachments

          Activity

            People

            Assignee:
            mark.benvenuto Mark Benvenuto
            Reporter:
            spencer.jackson Spencer Jackson
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: