[SERVER-31893] Explicitly define timeout for synchronous LDAP calls Created: 09/Nov/17 Updated: 30/Oct/23 Resolved: 17/Jan/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.4.2 |
| Fix Version/s: | 3.4.15, 3.6.3, 3.7.2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andrey Brindeyev | Assignee: | Spencer Jackson |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Minor Change |
| Operating System: | ALL |
| Backport Requested: | v3.6, v3.4 |
| Sprint: | Platforms 2018-01-29 |
| Description |
|
Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT. Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, which apparently calls the async version under the hood, then calls ldap_result. The internal code sets the timeout to NULL, which results in an indefinite timeout for the password verification connection, resulting in session accumulation in the server. |
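The failure mode described above, modelled with plain POSIX sockets instead of libldap (an added example, not MongoDB's or OpenLDAP's code). The hypothetical `wait_for_reply` follows the `ldap_result` convention that a NULL timeout blocks indefinitely, and the socketpair peer in `bounded_wait_demo` is a constructed stand-in for an LDAP server that holds the connection open without answering.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Return convention borrowed from ldap_result(): -1 error, 0 timed out,
 * >0 reply readable. A NULL timeout means "wait forever", the behaviour
 * the ticket describes for the password verification call. */
static int wait_for_reply(int fd, const struct timeval *timeout)
{
    fd_set readable;
    struct timeval tv, *tvp = NULL;
    int rc;
    if (timeout != NULL) {
        tv = *timeout;      /* select() may modify its argument */
        tvp = &tv;
    }
    do {
        FD_ZERO(&readable);
        FD_SET(fd, &readable);
        rc = select(fd + 1, &readable, NULL, NULL, tvp);
    } while (rc == -1 && errno == EINTR);
    return rc;
}

/* Constructed scenario: sv[1] plays a server that keeps the connection
 * open and either sends one reply byte or stays silent. */
static int bounded_wait_demo(int server_replies, long timeout_ms)
{
    int sv[2], rc;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (server_replies && write(sv[1], "0", 1) != 1)
        rc = -1;
    else
        rc = wait_for_reply(sv[0], &tv);   /* explicit cap, never NULL */
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    printf("silent server, 200 ms cap: %d\n", bounded_wait_demo(0, 200));
    printf("replying server:           %d\n", bounded_wait_demo(1, 200));
    return 0;
}
```

Passing NULL to `wait_for_reply` in the silent-server case would never return, which is how one unresponsive peer pins a thread and its session.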
| Comments |
| Comment by Githook User [ 29/Mar/18 ] |
|
Author: {'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}
Message: (cherry picked from commit 55acae0b3cfbe1e33130a472210e13f0b2a61165) |
| Comment by Githook User [ 08/Feb/18 ] |
|
Author: {'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}
Message: (cherry picked from commit 55acae0b3cfbe1e33130a472210e13f0b2a61165) |
| Comment by Githook User [ 17/Jan/18 ] |
|
Author: {'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}
Message: |