-
Type:
Improvement
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: 4.4.5, 4.2.14
-
Component/s: None
-
Labels:None
-
Fully Compatible
-
Security 2021-08-09, Security 2021-08-23, Security 2021-09-06
-
(copied to CRM)
-
68
Majority of current installations in the field are still using RHEL 7/CentOS 7. It seems that most customers upgrade their operating system. Since NSS is no longer in use, we may need to adjust the warning printed because it may be harmful: if the server uses LDAPS connections, then libldap_r library may remove mitigations for SERVER-30643 set by the mongod process in RHEL 7.5+.
This is the current log line:
{"t":{"$date":"2021-05-04T15:32:54.939+00:00"},"s":"W", "c":"ACCESS", "id":24052, "ctx":"main","msg":"LDAP library does not advertise support for thread safety. All access will be serialized and connection pooling will be disabled. Link mongod against libldap_r to enable concurrent use of LDAP."}
The server may advice to disable the NSS shim layer (present only in RHEL7/CentOS 7) to achieve better stability instead of the switch to the libldap_r: TLS_MOZNSS_COMPATIBILITY off setting in the ldap.conf
- causes
-
SERVER-78193 setParameter ldapForceMultiThreadMode is not respected
-
- Closed
-
-
SERVER-78188 Permit default use of multithreaded LDAP connection pool with libldap and OpenSSL 1.1.1
-
- Closed
-
- duplicates
-
-
- Closed
-