  1. Core Server
  2. SERVER-75153

Log LDAP disconnect leaks and limit copying of LDAP bind options


Details

    • Task
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • Security

    Description

      In an effort to prevent LDAPBindOptions from going out of scope during long network operations, SERVER-45309 stored a copy of those options onto each connection. Given that each LDAPBindOptions instance stores the user DN and credentials (which is a SecureString), these copies are potentially expensive. It would be preferable to have a single instance of these options and have each connection store a shared_ptr to it.

      Additionally, the server leaks LDAP connections if they cannot be scheduled into another thread because it assumes that it must be in shutdown if this is the case. We should log whenever this happens to ascertain that LDAP connections are not being inadvertently leaked when thread scheduling fails outside of shutdown.


          People

            backlog-server-security Backlog - Security Team
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes: 0
            Watchers: 4

            Dates

              Created:
              Updated:
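
The two changes proposed in the description, sketched as an added example; this is not code from the MongoDB source tree. `BindOptions`, `Connection`, `Scheduler` and `Disconnect` are hypothetical stand-ins: each connection holds a `shared_ptr` to one options instance instead of its own copy, and a disconnect that cannot be scheduled is logged and classified by whether the server is in shutdown.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for LDAPBindOptions: user DN plus credentials.
struct BindOptions {
    std::string bindDN;
    std::string password;  // a SecureString in the server, per the ticket
    static int& copies() { static int n = 0; return n; }  // copies of the secret made
    BindOptions(std::string dn, std::string pw)
        : bindDN(std::move(dn)), password(std::move(pw)) {}
    BindOptions(const BindOptions& o) : bindDN(o.bindDN), password(o.password) { ++copies(); }
};

// Hypothetical executor hook: returns false when the task cannot be scheduled.
using Scheduler = std::function<bool(std::function<void()>)>;
enum class Disconnect { Scheduled, LeakedInShutdown, LeakedUnexpectedly };

class Connection {
public:
    // Shared ownership: the options stay alive for as long as any connection
    // needs them, and the credentials are never duplicated.
    explicit Connection(std::shared_ptr<const BindOptions> opts) : _opts(std::move(opts)) {}
    const BindOptions& options() const { return *_opts; }
    bool isOpen() const { return _open; }

    // Hand the disconnect to another thread. If that fails the connection is
    // leaked; log it and report whether shutdown explains the failure.
    Disconnect disconnect(const Scheduler& schedule, bool inShutdown) {
        if (schedule([this] { _open = false; })) return Disconnect::Scheduled;
        // Log the event only, never the bind DN or password.
        std::cerr << "LDAP connection leaked: disconnect not scheduled, inShutdown="
                  << std::boolalpha << inShutdown << '\n';
        return inShutdown ? Disconnect::LeakedInShutdown : Disconnect::LeakedUnexpectedly;
    }

private:
    std::shared_ptr<const BindOptions> _opts;
    bool _open = true;
};

int main() {
    auto opts = std::make_shared<BindOptions>("cn=svc,dc=example,dc=com", "constructed-secret");
    Connection conn(opts);
    opts.reset();  // caller's reference is gone; conn still holds the options
    Scheduler refuses = [](std::function<void()>) { return false; };
    return conn.disconnect(refuses, false) == Disconnect::LeakedUnexpectedly ? 0 : 1;
}
```

A `LeakedUnexpectedly` result is the case the ticket wants surfaced: scheduling failed while the server was not shutting down.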