[SERVER-31893] Explicitly define timeout for synchronous LDAP calls Created: 09/Nov/17  Updated: 30/Oct/23  Resolved: 17/Jan/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.4.2
Fix Version/s: 3.4.15, 3.6.3, 3.7.2

Type: Bug Priority: Major - P3
Reporter: Andrey Brindeyev Assignee: Spencer Jackson
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v3.6, v3.4
Sprint: Platforms 2018-01-29
Participants:

 Description   

Enterprise Server currently sets two types of timeouts for libldap, LDAP_OPT_TIMELIMIT and LDAP_OPT_NETWORK_TIMEOUT.

Turns out there's a third timeout parameter in libldap which is used to determine how long to synchronously wait for asynchronous operations to finish. We use a synchronous authentication command, while apparently calls the async version under the hood, then calls ldap_result.

The internal code sets the timeout to NULL which results in an indefinite timeout for the password verification connection, resulting in the session accumulation in the server.



 Comments   
Comment by Githook User [ 29/Mar/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-31893: Explicitly define timeout for synchronous LDAP calls

(cherry picked from commit 55acae0b3cfbe1e33130a472210e13f0b2a61165)
Branch: v3.4
https://github.com/10gen/mongo-enterprise-modules/commit/75c83931a2aff0668986caad6eee6203636e9023

Comment by Githook User [ 08/Feb/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-31893: Explicitly define timeout for synchronous LDAP calls

(cherry picked from commit 55acae0b3cfbe1e33130a472210e13f0b2a61165)
Branch: v3.6
https://github.com/10gen/mongo-enterprise-modules/commit/254387445b25271aaf044000efd419816b0fc198

Comment by Githook User [ 17/Jan/18 ]

Author:

{'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}

Message: SERVER-31893: Explicitly define timeout for synchronous LDAP calls
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/55acae0b3cfbe1e33130a472210e13f0b2a61165

Generated at Thu Feb 08 04:28:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.