-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Fully Compatible
-
ALL
-
Security 2021-09-06, Security 2021-09-20
When the connection pool is used, we enforce timeouts for binds and queries to the LDAP server. This adds a layer of protection over raw LDAP connections, which rely entirely on the system LDAP library to enforce timeouts. However, the code path for liveness checks is slightly different from other queries (it flows through `WrappedConnection::checkLiveness()` rather than `WrappedConnection::query()`). `WrappedConnection::query()` enforces a timeout on the corresponding LDAP connection's query call, but `WrappedConnection::checkLiveness()` does not. As a result, all instances where `WrappedConnection::checkLiveness()` is used (notably in `PooledLDAPConnection::setup()` and `PooledLDAPConnection::refresh()`) are fully reliant on the system LDAP library for timeout enforcement rather than enforcing it directly.
To remain consistent with how we enforce timeouts for other LDAP network operations, we should ensure that `WrappedConnection::checkLiveness()` also enforces timeouts.
- is depended on by
-
SERVER-56183 Prevent LDAP connection pool from stalling the serverStatus output
- Closed