Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

ldapUserCacheInvalidationInterval clear the cache for all users at the same time.

2020-11-18T16:06:25.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
2020-11-18T16:06:25.608+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
...
2020-11-18T16:06:55.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
2020-11-18T16:06:55.609+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external

Can we improve this to invalidate the autorized-connections after n seconds have passed instead? (where n = ldapUserCacheInvalidationInterval)

If a user was authorized just before the the cache was invalidated, this will cause an unnecessary ldap call shortly after (on top of risking accumulating all these requests at once)

related to

SERVER-59148 LDAP Authorization cache refresh

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Ivan Grigolon
Participants:: [DO NOT USE] Backlog - Security Team, Ivan Grigolon, Mark Benvenuto
Votes:: 1 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Nov 19 2020 12:17:14 AM UTC
Updated:: Dec 06 2022 01:43:58 AM UTC
Resolved:: Oct 05 2021 08:11:56 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates