[SERVER-77005] Leave LDAP users logged-in during LDAP downtime

Created: 10/May/23
Updated: 29/Oct/23
Resolved: 09/Jun/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc4, 6.0.8

Type: Task
Priority: Major - P3
Reporter: Varun Ravichandran
Assignee: Varun Ravichandran
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Documented: is documented by DOCS-16192 Investigate changes in SERVER-77005: ... (Closed)
Problem/Incident: is caused by SERVER-59148 LDAP Authorization cache refresh (Closed)
Related
Backwards Compatibility: Minor Change
Backport Requested:
v7.0, v6.3, v6.0
Sprint: Security 2023-05-15, Security 2023-05-29, Security 2023-06-12
Participants:
Case:

 Description   

Connections which have already been authenticated as LDAP users should remain authenticated and capable of issuing operations with their last-known privileges during LDAP server downtime, provided that the privileges are updated as soon as the LDAP server comes back up.



 Comments   
Comment by Githook User [ 16/Jun/23 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-77005: Allow already-authorized LDAP users to remain authenticated after cache invalidation

(cherry picked from commit f766d5a43a09f8eff6a70efcdded2e3da4c62eba)
(cherry picked from commit 8315ba72f781bcc3acfa9ded16e3cc361984414f)
Branch: v6.0
https://github.com/mongodb/mongo/commit/971fb73ccfa813d05400a05c3e8b68f36ba322f7

Comment by Githook User [ 15/Jun/23 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-77005: Allow already-authorized LDAP users to remain authenticated after cache invalidation

(cherry picked from commit f766d5a43a09f8eff6a70efcdded2e3da4c62eba)
Branch: v7.0
https://github.com/mongodb/mongo/commit/8315ba72f781bcc3acfa9ded16e3cc361984414f

Comment by Githook User [ 08/Jun/23 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-77005: Allow already-authorized LDAP users to remain authenticated after cache invalidation
Branch: master
https://github.com/mongodb/mongo/commit/f766d5a43a09f8eff6a70efcdded2e3da4c62eba
