[SERVER-34260] Ability to reuse a single TCP connection from mongod to the LDAP server
Created: 30/Mar/18  Updated: 29/Oct/23  Resolved: 23/Jan/19

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: None
Fix Version/s: 4.0.9, 4.1.8

Type: Improvement
Priority: Major - P3
Reporter: Andrey Brindeyev
Assignee: Jonathan Reams
Resolution: Fixed
Votes: 3
Labels: platforms_security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Documented
is documented by DOCS-12401 Docs for SERVER-34260: Ability to reu... Closed
Duplicate
is duplicated by SERVER-38885 Log LDAP thread safety warning only o... Closed
Related
related to DOCS-12337 Docs for SERVER-33852: libldap is not... Closed
related to SERVER-35010 LDAP failover/failback selection is s... Closed
is related to SERVER-37193 Implement connection pooling for the ... Closed
is related to SERVER-33852 libldap is not threadsafe with NSS Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6
Sprint: Security 2018-12-17, Security 2018-12-31, Security 2019-01-14, Security 2019-01-28

 Description   

When enabling LDAP in the typical setting, the mongod process uses three separate TCP connections to the LDAP server(s) for every db.auth() command:
1. One (or more) connections for the sections in the security.ldap.userToDNMapping option with the ldapQuery predicates
2. A single connection to authenticate the user by using the bind operation
3. A single connection to obtain the list of groups for authorization.

I am wondering if we could create a single TCP connection during step 1 or 2 and reuse it for the next steps, without reestablishing the connection every time, for the particular thread (==session) in the server?



 Comments   
Comment by Githook User [ 29/Mar/19 ]

Author: Jonathan Reams (jbreams, jbreams@mongodb.com)

Message: SERVER-34260 Move bookkeeping functions into ConnectionInterface

(cherry picked from commit c1b72f76bee602cd915bc6ea91bdcef10bd0c707)
Branch: v4.0
https://github.com/mongodb/mongo/commit/a37d71681459ea76affcdf8ebd13f60e098a66ac

Comment by Githook User [ 29/Mar/19 ]

Author: Jonathan Reams (jbreams, jbreams@mongodb.com)

Message: SERVER-34260 Use connection pool to manage LDAP connections

(cherry picked from commit fd984a5a7de6c1474ad5b18f48146bf7e5e48959)
Branch: v4.0
https://github.com/10gen/mongo-enterprise-modules/commit/c437dd1dc133b200a66251544c03bcfc704d2efc

Comment by Githook User [ 23/Jan/19 ]

Author: Jonathan Reams (jbreams, jbreams@mongodb.com)

Message: SERVER-34260 Use connection pool to manage LDAP connections
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/fd984a5a7de6c1474ad5b18f48146bf7e5e48959

Comment by Githook User [ 23/Jan/19 ]

Author: Jonathan Reams (jbreams, jbreams@mongodb.com)

Message: SERVER-34260 Move bookkeeping functions into ConnectionInterface
Branch: master
https://github.com/mongodb/mongo/commit/c1b72f76bee602cd915bc6ea91bdcef10bd0c707
