Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-56712

MongoLDAP should advise using Global Catalog on Active Directory instances

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.0
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Sprint:
      Security 2021-07-12, Security 2021-07-26, Security 2021-08-09

      Description

      Active Directory deployments are often composed of "forests", where multiple Active Directory instances maintain a tree of information, and delegate ownership of some subtrees to other instances. The means, when searching for information in the root, LDAP clients may receive one or more referrals to other instances that they will need to "chase", meaning they must connect to the referred server, rebind, and and re-run the query in question.

      Active Directory provides a Global Catalog, which is an eventually consistent locally cached copy of a subset of the data in the forest. Generally, it will contain all authorization state across the forest. If it stores the data a query needs, directing your LDAP queries to a local Global Catalog will allow them to execute more quickly, without needing to chase referals, establish new connections, or rebind. Avoiding referal chasing improves LDAP performance, and avoids a number of failure scenarios.

       

      When communicating with Active Directory, if mongoldap is not configured to use the Global Catalog LDAP ports, it should recommend adjusting the configuration to use them.

        Attachments

          Activity

            People

            Assignee:
            aldo.aguilar Aldo Aguilar
            Reporter:
            spencer.jackson Spencer Jackson
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: