[DOCS-11320] Docs for SERVER-33158: Logical Session refresh batches are too large Created: 14/Feb/18  Updated: 29/Oct/23  Resolved: 19/Jun/18

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 3.7.2, 3.6.3

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-33158 Logical Session refresh batches are t... Closed
Participants:
Days since reply: 5 years, 34 weeks, 1 day ago
Epic Link: DOCS: 4.0 Server

 Description   

Documentation Request Summary:

Usernames are capped at 10k bytes when used with logical sessions.

Wired tiger indexes already imposed a 1024 byte limit for internally auth'd users, this limit applies to externally auth'd users (ldap, x509, etc)

Scope of changes:

  • source/core/kerberos.txt
  • source/core/security-ldap.txt
  • source/core/security-x.509.txt
  • source/includes/apiargs-dbcommand-createUser-field.yaml since added to db.createUser
  • source/includes/extracts-create-users-base.yaml
  • source/includes/steps-configure-ldap-mongodb.yaml
  • source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml
  • source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml
  • source/reference/command/createUser.txt
  • source/reference/method/db.createUser.txt
  • source/tutorial/configure-x509-client-authentication.txt
  • source/tutorial/create-users.txt since added to extracts-create-users-base
  • source/reference/server-sessions.txt
  • source/reference/limits.txt

+ backport

Impact to other docs outside of this product:

none

MVP:

Resources:

Engineering Ticket Description:

The batches created by the LogicalSessionCache can exceed the 16mb bson size limit for bson on the wire. This will cause the refresh step to fail, preventing logical sessions from ever being synced to the global collection.

This happens because we don't explicitly size our batches (we were relying on the write_cmd item batch limit, rather than a byte limit). Previously the write_cmd batch limit had been 1000 items, which allowed for 16k per record. The new limit is 100k, which gives a 160 byte budget we can exceed with very large user names (as we sync the lsid + the user@db name).

By forcing a new 10k limit on username sizes used with logical sessions we can then ensure that a lower 1k limit will always be safe.



 Comments   
Comment by Githook User [ 19/Jun/18 ]

Author:

{'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}

Message: DOCS-11320: $external user and sessions username limit
Branch: v3.6
https://github.com/mongodb/docs/commit/573ad840620e807ccb10c04c56f09dedd4e06162

Comment by Githook User [ 19/Jun/18 ]

Author:

{'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}

Message: DOCS-11320: $external user and sessions username limit
Branch: master
https://github.com/mongodb/docs/commit/6d61059930e6eefea3731b5b3f96bfa2eb341370

Generated at Thu Feb 08 08:02:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.