  1. Core Server
  2. SERVER-75153

Log LDAP disconnect leaks and limit copying of LDAP bind options

    • Type: Task
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security

      In an effort to prevent LDAPBindOptions from going out of scope during long network operations, SERVER-45309 stored a copy of those options onto each connection. Given that each LDAPBindOptions instance stores the user DN and credentials (which is a SecureString), these copies are potentially expensive. It would be preferable to have a single instance of these options and have each connection store a shared_ptr to it.

      Additionally, the server leaks LDAP connections if they cannot be scheduled into another thread because it assumes that it must be in shutdown if this is the case. We should log whenever this happens to ascertain that LDAP connections are not being inadvertently leaked when thread scheduling fails outside of shutdown.
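
The two changes proposed above, as an added example that is not MongoDB's code: connections share one options instance through a `shared_ptr`, and a failed disconnect hand-off is logged unless the server is shutting down. `BindOptions`, `Connection`, `Scheduler`, `scheduleDisconnect`, `inShutdown`, `logLines` and the sample DN are hypothetical, and `std::string` stands in for `SecureString`.

```cpp
#include <atomic>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

int optionCopies = 0;  // counts copies made of the credential-bearing object
// Hypothetical stand-in for the bind options described above (not MongoDB's class).
struct BindOptions {
    std::string userDN;
    std::string password;  // assumption: std::string stands in for SecureString
    BindOptions(std::string dn, std::string pw) : userDN(std::move(dn)), password(std::move(pw)) {}
    BindOptions(const BindOptions& o) : userDN(o.userDN), password(o.password) { ++optionCopies; }
};

// Each connection shares ownership of one immutable options instance, so the
// options outlive the caller's scope without duplicating the credentials.
struct Connection {
    std::shared_ptr<const BindOptions> opts;
    bool open = true;
};

std::atomic<bool> inShutdown{false};
std::vector<std::string> logLines;  // stand-in for the server log

// Hypothetical scheduler type: returns false when the task cannot be queued.
using Scheduler = std::function<bool(std::function<void()>)>;

// Returns true if the disconnect was handed to another thread. On failure the
// connection stays open (leaked); the leak is logged unless shutdown explains it.
bool scheduleDisconnect(const std::shared_ptr<Connection>& conn, const Scheduler& schedule) {
    if (schedule([conn] { conn->open = false; }))
        return true;
    if (!inShutdown.load())
        logLines.push_back("LDAP connection leaked outside shutdown, user=" + conn->opts->userDN);
    return false;
}

// Two connections, one options object; the DN and password are constructed sample values.
int demoSharedOptions() {
    std::shared_ptr<const BindOptions> opts = std::make_shared<BindOptions>("cn=svc,dc=example,dc=com", "constructed-pw");
    auto c1 = std::make_shared<Connection>(Connection{opts});
    auto c2 = std::make_shared<Connection>(Connection{opts});
    opts.reset();  // the caller's handle goes away; the connections keep the options alive
    scheduleDisconnect(c1, [](std::function<void()> f) { f(); return true; });
    scheduleDisconnect(c2, [](std::function<void()>) { return false; });  // leak is logged
    return optionCopies;  // number of credential copies made
}
```
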

            backlog-server-security [DO NOT USE] Backlog - Security Team
            varun.ravichandran@mongodb.com Varun Ravichandran