[SERVER-75153] Log LDAP disconnect leaks and limit copying of LDAP bind options

Created: 22/Mar/23
Updated: 20/Jul/23
Resolved: 20/Jul/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Varun Ravichandran
Assignee: Backlog - Security Team
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-77299 Pooled LDAP connections may reference... Closed
duplicates SERVER-78833 Make LDAP connections take ownership ... Closed
Problem/Incident
Related
Assigned Teams:
Server Security
Participants:
Case:

Description

In an effort to prevent LDAPBindOptions from going out of scope during long network operations, SERVER-45309 stored a copy of those options onto each connection. Given that each LDAPBindOptions instance stores the user DN and credentials (which is a SecureString), these copies are potentially expensive. It would be preferable to have a single instance of these options and have each connection store a shared_ptr to it.

Additionally, the server leaks LDAP connections if they cannot be scheduled into another thread because it assumes that it must be in shutdown if this is the case. We should log whenever this happens to ascertain that LDAP connections are not being inadvertently leaked when thread scheduling fails outside of shutdown.
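A sketch of the two changes the description asks for, added here as an example and not taken from the MongoDB code base: connections share one options object through a `shared_ptr`, and a disconnect that cannot be scheduled outside shutdown is logged. `BindOptions`, `Connection`, `Executor`, `disconnectAsync` and `makeConnections` are hypothetical names, the credentials are constructed sample values, and a plain `std::string` stands in for `SecureString`.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for the ticket's bind options (user DN plus credentials).
struct BindOptions {
    std::string bindDN, password;  // plain string here; the ticket's type is SecureString
    static int copies;             // counts copy constructions for the demonstration
    BindOptions(std::string dn, std::string pw) : bindDN(std::move(dn)), password(std::move(pw)) {}
    BindOptions(const BindOptions& o) : bindDN(o.bindDN), password(o.password) { ++copies; }
};
int BindOptions::copies = 0;

// Each connection shares ownership of one immutable options object instead of copying it.
struct Connection {
    std::shared_ptr<const BindOptions> opts;
    bool open = true;
    explicit Connection(std::shared_ptr<const BindOptions> o) : opts(std::move(o)) {}
};

// Hypothetical executor: schedule() returns false when it cannot accept work.
struct Executor {
    bool accepting = true;
    std::vector<std::function<void()>> queue;
    bool schedule(std::function<void()> task) {
        if (accepting) queue.push_back(std::move(task));
        return accepting;
    }
};
enum class DisconnectResult { Scheduled, SkippedInShutdown, LeakedOutsideShutdown };

// Hand the disconnect to another thread; if that fails outside shutdown, log the leak.
DisconnectResult disconnectAsync(Executor& ex, std::shared_ptr<Connection> conn, bool inShutdown) {
    if (ex.schedule([conn] { conn->open = false; })) return DisconnectResult::Scheduled;
    if (inShutdown) return DisconnectResult::SkippedInShutdown;
    std::cerr << "LDAP disconnect not scheduled outside shutdown; connection leaked\n";
    return DisconnectResult::LeakedOutsideShutdown;
}

// The options are created in this scope and outlive it through the connections.
std::vector<std::shared_ptr<Connection>> makeConnections(int n) {
    std::shared_ptr<const BindOptions> opts =
        std::make_shared<BindOptions>("cn=svc,dc=example,dc=com", "constructed-secret");
    std::vector<std::shared_ptr<Connection>> out;
    for (int i = 0; i < n; ++i) out.push_back(std::make_shared<Connection>(opts));
    return out;
}

int main() { return makeConnections(3)[0]->opts.use_count() == 3 ? 0 : 1; }
```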

