[SERVER-52940] Improve ldapUserCacheInvalidationInterval behaviour - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Security
Case:

Description

ldapUserCacheInvalidationInterval clear the cache for all users at the same time.

2020-11-18T16:06:25.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users

2020-11-18T16:06:25.608+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external

...

2020-11-18T16:06:55.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users

2020-11-18T16:06:55.609+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external

Can we improve this to invalidate the autorized-connections after n seconds have passed instead? (where n = ldapUserCacheInvalidationInterval)

If a user was authorized just before the the cache was invalidated, this will cause an unnecessary ldap call shortly after (on top of risking accumulating all these requests at once)

Attachments

Issue Links

related to

SERVER-59148 LDAP Authorization cache refresh

Closed

Activity

People

Assignee:: Backlog - Security Team

Reporter:: Ivan Grigolon

Participants:: Backlog - Security Team, Ivan Grigolon, Mark Benvenuto

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: Nov 19 2020 12:17:14 AM UTC

Updated:: Dec 06 2022 01:43:58 AM UTC

Resolved:: Oct 05 2021 08:11:56 PM UTC