[SERVER-59047] Add TCP connection offloading for OpenLDAP connections Created: 02/Aug/21  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-59049 Add support for round robin DNS A rec... Backlog
Assigned Teams:
Server Security
Participants:

 Description   

Once we use DNS A-record resolution for round-robin DNS (SERVER-59049), we will be connecting to an IP address we resolved ourselves, so we need to customize TLS certificate validation: the server certificate must be validated against the DNS name of the LDAP server, not against the IP address we connected to.

Steps:

  1. Create a synchronous TCP connection by using Socket in src/mongo/util/net/sock.h
  2. Call Socket::connect()
  3. Call ldap_init_fd with the DNS name of the server we are connecting to instead of the IP address we connected with.
  4. Call ldap_install_tls if TLS

See https://pagure.io/SSSD/sssd/issue/905 for details.


Generated at Thu Feb 08 05:46:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.