Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59047

Add TCP connection offloading for OpenLDAP connections

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Server Security

    Description

      Once we use DNS -> A record resolution for round robin DNS, we need customize the TLS certificate validation to validate certificates against something other then a certificate.

      Steps:

      1. Create a synchronous TCP connection by using Socket in src/mongo/util/net/sock.h
      2. Call Socket::connect()
      3. Call ldap_init_fd with the DNS name of the server we are connecting to instead of the IP address we connected with.
      4. Call ldap_install_tls if TLS

      See https://pagure.io/SSSD/sssd/issue/905 for details.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: