[SERVER-72482] Add LDAP referral test

Created: 03/Jan/23
Updated: 27/Oct/23
Resolved: 03/Jan/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Varun Ravichandran
Assignee: Backlog - Security Team
Resolution: Works as Designed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links: Related
Assigned Teams: Server Security
Participants:

 Description   

SERVER-70912 revealed that a bug was introduced into the server in 5.1 that causes crashes when chasing LDAP referrals. This bug was only discovered via HELP-38838 because we do not currently have any existing tests for LDAP referrals.

Unfortunately, adding a test for this does not seem trivial. Our existing mock LDAP server and LDAP proxy both use the ldaptor package, which explicitly does not support referrals yet. A cursory investigation of alternative third-party Python libraries did not seem to reveal any promising alternatives.

To add test coverage for LDAP referrals, we need to do the following:

  1. More thoroughly investigate third-party alternatives to ldaptor that support referrals and use them if possible. This currently seems unlikely.
  2. If 1) is not possible, possibly explore forking ldaptor and contributing to add referral support so we can use it.
  3. Alternatively, work with the Build team to set up an additional LDAP test server that can work with the current one for referrals.
