Details
-
Task
-
Resolution: Fixed
-
Major - P3
-
None
-
None
-
None
-
Server Security
-
Fully Compatible
-
Security 2023-07-10, Security 2023-07-24, Security 2023-08-07
-
(copied to CRM)
Description
Today, if the server starts and finds itself using OpenSSL 1.1.1 or newer, and the standard libldap library, it will warn:
"OpenSSL 1.1.1 and higher has no performance impact "
|
"with libldap_r. Link mongod against libldap_r to enable "
|
"concurrent use of LDAP. "
|
"Your OpenSSL version is: " OPENSSL_VERSION_TEXT
|
The server will also disable its use of the multithreaded LDAP connection pool.
We should remove this behavior because:
- Switching from libldap to libldap_r is very hard. We should not ask the user to do so without a very good reason.
- Running without the connection pool by default is a poor experience.
- We do not have evidence of reliability concerns with libldap when used in conjunction with OpenSSL 1.1.1
Attachments
Issue Links
- is caused by
-
SERVER-56617 Reconsider advice to switch to the libldap_r
-
- Closed
-
- is duplicated by
-
SERVER-78193 setParameter ldapForceMultiThreadMode is not respected
-
- Closed
-