Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-52940

Improve ldapUserCacheInvalidationInterval behaviour

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Case:

      Description

      ldapUserCacheInvalidationInterval clear the cache for all users at the same time.

      2020-11-18T16:06:25.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:25.608+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      ...
      2020-11-18T16:06:55.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:55.609+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      
      

      Can we improve this to invalidate the autorized-connections after n seconds have passed instead? (where n = ldapUserCacheInvalidationInterval)

      If a user was authorized just before the the cache was invalidated, this will cause an unnecessary ldap call shortly after (on top of risking accumulating all these requests at once)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-security Backlog - Security Team
              Reporter:
              ivan.grigolon Ivan Grigolon
              Participants:
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: