Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-52940

Improve ldapUserCacheInvalidationInterval behaviour

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Won't Fix
    • None
    • None
    • Security
    • None
    • Security

    Description

      ldapUserCacheInvalidationInterval clear the cache for all users at the same time.

      2020-11-18T16:06:25.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:25.608+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      ...
      2020-11-18T16:06:55.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:55.609+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      
      

      Can we improve this to invalidate the autorized-connections after n seconds have passed instead? (where n = ldapUserCacheInvalidationInterval)

      If a user was authorized just before the the cache was invalidated, this will cause an unnecessary ldap call shortly after (on top of risking accumulating all these requests at once)

      Attachments

        Issue Links

          Activity

            People

              backlog-server-security Backlog - Security Team
              ivan.grigolon@mongodb.com Ivan Grigolon
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: