Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59734

Enforce connection pool timeouts during LDAP liveness checks

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 5.1.0-rc0
    • None
    • None
    • None
    • Fully Compatible
    • ALL
    • Security 2021-09-06, Security 2021-09-20

    Description

      When the connection pool is used, we enforce timeouts for binds and queries to the LDAP server. This adds a layer of protection over raw LDAP connections, which rely entirely on the system LDAP library to enforce timeouts. However, the code path for liveness checks is slightly different from other queries (it flows through `WrappedConnection::checkLiveness()` rather than `WrappedConnection::query()`). `WrappedConnection::query()` enforces a timeout on the corresponding LDAP connection's query call, but `WrappedConnection::checkLiveness()` does not. As a result, all instances where `WrappedConnection::checkLiveness()` is used (notably in `PooledLDAPConnection::setup()` and `PooledLDAPConnection::refresh()`) are fully reliant on the system LDAP library for timeout enforcement rather than enforcing it directly. 

       

      To remain consistent with how we enforce timeouts for other LDAP network operations, we should ensure that `WrappedConnection::checkLiveness()` also enforces timeouts.

      Attachments

        Activity

          People

            varun.ravichandran@mongodb.com Varun Ravichandran
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: