Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-80952

Track config server LDAP operations on mongos

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Server Security

    Description

      Mongos defers user lookup to the config server via the usersInfo command. When this is done for LDAP users, it means that all LDAP searches (and the binds and referrals needed to conduct those searches) are performed on the config server. The metrics tracked during currentOp are therefore reflected on the config server but not on the auth operation on the mongos that dispatched usersInfo on the config server.

      We could try to incorporate these metrics from the config server into the parent auth operation on mongos so that all binds, searches, and referrals performed during a given auth attempt are reflected on mongos, regardless of whether they occurred on the mongos or the config server.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: