[DOCS-16192] Investigate changes in SERVER-77005: Leave LDAP users logged-in during LDAP downtime
Created: 09/Jun/23
Updated: 13/Nov/23
Resolved: 06/Jul/23

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 7.0.0-rc4, 6.0.8, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task
Priority: Critical - P2
Reporter: Backlog - Core Eng Program Management Team
Assignee: Jason Price
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-77005 Leave LDAP users logged-in during LDA... Closed
Duplicate
is duplicated by DOCS-16204 [BACKPORT] [v7.0] Leave LDAP users lo... Closed
Participants:
Days since reply: 33 weeks, 5 days ago

 Description   
Original Downstream Change Summary

The docs for ldapUserCacheStalenessInterval state that "if more than ldapUserCacheStalenessInterval seconds elapse without a successful refresh of the user information from the LDAP server, then mongod:
1. Invalidates the cached LDAP user information
2. Is unavailable for LDAP users. LDAP users are unable to authenticate until mongod contacts the LDAP server"

After this change, we should change the second bullet point to the following:
2. Unauthenticated connections are unable to authenticate as LDAP users until mongod contacts the LDAP server. However, connections previously authenticated as LDAP users remain authorized with mongod's last-known privileges from the LDAP server until it is able to contact the LDAP server and start refreshing up-to-date information again.

Description of Linked Ticket

Connections which have already been authenticated as LDAP users should remain authenticated and capable of issuing operations with their last-known privileges during LDAP server downtime, provided that the privileges are updated as soon as the LDAP server comes back up.



 Comments   
Comment by Sarah Olson [ 16/Jun/23 ]

Increasing priority as there is an associated help case attached to the Server ticket. 

Closing out Backport issue since that work can be done here: https://jira.mongodb.org/browse/DOCS-16204
