<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:38:33 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-35010] LDAP failover/failback selection is suboptimal</title>
                <link>https://jira.mongodb.org/browse/SERVER-35010</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Undesirable behaviour has been observed with respect to LDAP server failover and failback. The reproduction case indicates that one of the failure modes leads to undesirable behaviour and is fairly suboptimal.&lt;/p&gt;

&lt;p&gt;I suggest this stems from the root issue that the &lt;tt&gt;mongod&lt;/tt&gt; has no notion of LDAP server availability. There is no keepalive or heartbeat, nor any reasonable attempt to load balance requests across multiple LDAP servers as the primary server is overwhelmingly preferred (even in the event of failure).&lt;/p&gt;</description>
                <environment></environment>
        <key id="544653">SERVER-35010</key>
            <summary>LDAP failover/failback selection is suboptimal</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13203">Gone away</resolution>
                                        <assignee username="backlog-server-security">Backlog - Security Team</assignee>
                                    <reporter username="luke.prochazka@mongodb.com">Luke Prochazka</reporter>
                        <labels>
                    </labels>
                <created>Wed, 16 May 2018 07:33:27 +0000</created>
                <updated>Fri, 27 Oct 2023 20:43:26 +0000</updated>
                            <resolved>Mon, 10 Jun 2019 17:34:43 +0000</resolved>
                                    <version>3.6.3</version>
                                                    <component>Networking</component>
                    <component>Security</component>
                                        <votes>9</votes>
                                    <watches>17</watches>
                                                                                                                <comments>
                            <comment id="2144867" author="jonathan.reams@10gen.com" created="Mon, 11 Feb 2019 19:06:17 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=luke.prochazka&quot; class=&quot;user-hover&quot; rel=&quot;luke.prochazka&quot;&gt;luke.prochazka&lt;/a&gt;, here&apos;s a summary of all the changes to connection handling in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-34260&quot; title=&quot;Ability to reuse a single TCP connection from mongod to the LDAP server&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-34260&quot;&gt;&lt;del&gt;SERVER-34260&lt;/del&gt;&lt;/a&gt;. The underlying implementation of the connection pool used by &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-34260&quot; title=&quot;Ability to reuse a single TCP connection from mongod to the LDAP server&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-34260&quot;&gt;&lt;del&gt;SERVER-34260&lt;/del&gt;&lt;/a&gt; is the same one used by mongos to talk to shards in a sharded cluster.&lt;/p&gt;

&lt;p&gt;There is no option to round-robin requests across all available LDAP servers; the first LDAP server whose connection succeeds (either because it connected fastest or there was a pooled idle connection available) is the one that gets used.&lt;/p&gt;

&lt;p&gt;Idle connections are periodically refreshed in the background by running an empty RootDSE query - so you can be reasonably sure that an LDAP connection that is being used for auth is healthy before it gets used.&lt;/p&gt;

&lt;p&gt;If a connection encounters an error either during a refresh or during normal use, it does not get returned to the pool, all of the existing connections to that host are assumed to be bad and dropped, and a new connection attempt is started in the background.&lt;/p&gt;

&lt;p&gt;Once an LDAP server recovers and is available again, it will start being used automatically by the connection pool.&lt;/p&gt;

&lt;p&gt;If the customer is using round-robined A records then there won&apos;t be any improvement for connection failover compared to the non-pooled implementation, except that connections will be reused as long as there are no connection issues.&lt;/p&gt;</comment>
                            <comment id="2127068" author="dayolasode@gmail.com" created="Fri, 25 Jan 2019 12:45:37 +0000"  >&lt;p&gt;I think that proposed behavior should fix this (subject to further tests)&lt;/p&gt;

&lt;p&gt;My assumption is that if connections in the pool are stale e.g. because an initially selected LDAP server is down or a timeout threshold is surpassed, it&apos;s refreshed again based on whichever LDAP servers are still online and steps (1) to (3) in the auth process are repeated, with the same connection?&lt;/p&gt;

&lt;p&gt;I&apos;m assuming those 3 steps are sequential&lt;/p&gt;

&lt;p&gt;Thanks&lt;/p&gt;</comment>
                            <comment id="2126046" author="jonathan.reams@10gen.com" created="Thu, 24 Jan 2019 16:43:42 +0000"  >&lt;p&gt;This may be improved by &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-34260&quot; title=&quot;Ability to reuse a single TCP connection from mongod to the LDAP server&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-34260&quot;&gt;&lt;del&gt;SERVER-34260&lt;/del&gt;&lt;/a&gt; which implements a connection pool and attempts to connect to all the hosts in the URI at once and returns the first one that actually succeeds.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="519342">SERVER-34260</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000ZsB1CIAV, 500A000000byHmmIAE, 500A000000cDdvsIAC, 5002K00000czjQOQAY, 5002K00000dMoYLQA0, 5002K00000dPz5gQAC, 5002K00000hPsPiQAK]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 21 May 2018 23:20:22 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-1332</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-security</customfieldvalue>
            <customfieldvalue>dayolasode@gmail.com</customfieldvalue>
            <customfieldvalue>jonathan.reams@mongodb.com</customfieldvalue>
            <customfieldvalue>luke.prochazka@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hty6mv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|huu11b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htxsw7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>