  1. Core Server
  2. SERVER-78188

Permit default use of multithreaded LDAP connection pool with libldap and OpenSSL 1.1.1

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 7.1.0-rc0, 7.0.6
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security
    • Fully Compatible
    • v7.0
    • Security 2023-07-10, Security 2023-07-24, Security 2023-08-07

      Today, if the server starts and finds itself using OpenSSL 1.1.1 or newer, and the standard libldap library, it will warn:

      "OpenSSL 1.1.1 and higher has no performance impact "
      "with libldap_r. Link mongod against libldap_r to enable "
      "concurrent use of LDAP. "
      "Your OpenSSL version is: " OPENSSL_VERSION_TEXT

      The server will also disable its use of the multithreaded LDAP connection pool.

      We should remove this behavior because:

      • Switching from libldap to libldap_r is very hard. We should not ask the user to do so without a very good reason.
      • Running without the connection pool by default is a poor experience.
      • We do not have evidence of reliability concerns with libldap when used in conjunction with OpenSSL 1.1.1.

            varun.ravichandran@mongodb.com Varun Ravichandran
            spencer.jackson@mongodb.com Spencer Jackson