Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59734

Enforce connection pool timeouts during LDAP liveness checks

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.0-rc0
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Security 2021-09-06, Security 2021-09-20

      Description

      When the connection pool is used, we enforce timeouts for binds and queries to the LDAP server. This adds a layer of protection over raw LDAP connections, which rely entirely on the system LDAP library to enforce timeouts. However, the code path for liveness checks is slightly different from other queries (it flows through `WrappedConnection::checkLiveness()` rather than `WrappedConnection::query()`). `WrappedConnection::query()` enforces a timeout on the corresponding LDAP connection's query call, but `WrappedConnection::checkLiveness()` does not. As a result, all instances where `WrappedConnection::checkLiveness()` is used (notably in `PooledLDAPConnection::setup()` and `PooledLDAPConnection::refresh()`) are fully reliant on the system LDAP library for timeout enforcement rather than enforcing it directly. 

       

      To remain consistent with how we enforce timeouts for other LDAP network operations, we should ensure that `WrappedConnection::checkLiveness()` also enforces timeouts.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              varun.ravichandran Varun Ravichandran
              Reporter:
              varun.ravichandran Varun Ravichandran
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: