<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:46:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-59148] LDAP Authorization cache refresh</title>
                <link>https://jira.mongodb.org/browse/SERVER-59148</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Change LDAP user cache management to no longer invalidate all LDAP entries on a periodic basis. Instead of a periodic interval controlled by the set parameter ldapUserCacheRefreshInterval, a new background runner named &quot;LDAPCachePoller&quot; will periodically refresh the role information for cached LDAP users in a single-threaded loop. This background runner will be active if isLDAPAuthzEnabled is true.&lt;/p&gt;

&lt;p&gt;For each entry, the server will first check whether the cached entry contains credentials if enableAuthenticationCaching is true. It will then search the LDAP server for role information. If the result from the LDAP server for the search operation does not match the role information in the cache, it will call insertOrAssign on the cache. Calling insertOrAssign only on changed entries will ensure that the refresh has minimal effect on the LRU tracking of the cache. If the user is missing from LDAP, invalidate() will be called to remove the entry from the cache. Finally, if any LDAP entries are changed, the authorization cache generation number will be bumped, which will cause mongos to refresh its cache.&lt;/p&gt;

&lt;p&gt;While MongoDB could issue LDAP queries in parallel, a single-threaded approach will induce a lighter load on the LDAP server. The tradeoff is that it may take longer than ldapUserCacheRefreshInterval to refresh all the cache entries if the LDAP server is running slowly.&lt;/p&gt;

&lt;p&gt;If the LDAP server is unavailable (host down, connection refused, etc.) or inadequately performing (queries time out), the cache entries will not be touched. A global timer will be set on each successful refresh pass. For each refresh pass with errors, a check will be made to see when the last successful pass was made. If the last successful pass was made more than ldapUserCacheStalenessIntervalSeconds seconds ago, then the cache will be invalidated. This will cause MongoDB to become unavailable for LDAP users until the LDAP server returns.&lt;/p&gt;

&lt;p&gt;Since the underlying cache is an LRU with a max size of authorizationManagerCacheSize (default 100), this will not cause the cache to grow forever. Cache entries may remain longer in the cache than in the original design. Iterating the ReadThroughCache, InvalidatingLRU, and LRUCache are all passive operations that do not affect the lifetime of an entry. Only inserting, assigning or getting an entry affects the LRU.&lt;/p&gt;

&lt;p&gt;The older LDAPUserCacheInvalidator will be left in the code and be disabled by default. The reason for this is that we are unsure if the most security-conscious customers will prefer this behavior. If the user has a non-default value, we will log a warning to tell users that this behavior has changed and warn them it has been deprecated.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1842789">SERVER-59148</key>
            <summary>LDAP Authorization cache refresh</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="varun.ravichandran@mongodb.com">Varun Ravichandran</assignee>
                                    <reporter username="mark.benvenuto@mongodb.com">Mark Benvenuto</reporter>
                        <labels>
                    </labels>
                <created>Thu, 5 Aug 2021 20:30:54 +0000</created>
                <updated>Sun, 29 Oct 2023 21:49:50 +0000</updated>
                            <resolved>Tue, 9 Nov 2021 19:51:03 +0000</resolved>
                                                    <fixVersion>5.2.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4178528" author="xgen-internal-githook" created="Tue, 9 Nov 2021 19:05:50 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d46d2efc689cb7b1b4fb2df9f656d5dc3d7a5fc9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d46d2efc689cb7b1b4fb2df9f656d5dc3d7a5fc9&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4178527" author="xgen-internal-githook" created="Tue, 9 Nov 2021 19:05:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/6eb1f984cc7e1456c7fbff457f9bd8dbde148146&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/6eb1f984cc7e1456c7fbff457f9bd8dbde148146&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4101089" author="xgen-internal-githook" created="Mon, 4 Oct 2021 22:24:37 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: Revert &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&quot;&lt;/p&gt;

&lt;p&gt;This reverts commit fc05532015895c8907437ea0c06fe83ab6c6f1dc.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/217285dd2d3689aaaf850adefc28aa8edbd7a957&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/217285dd2d3689aaaf850adefc28aa8edbd7a957&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4101088" author="xgen-internal-githook" created="Mon, 4 Oct 2021 22:24:34 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: Revert &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&quot;&lt;/p&gt;

&lt;p&gt;This reverts commit dda05b26fdf2245bad6386207f7bf7b56185ff56.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/a8cdabe7f7cf212dad155ff8f808f120a41c5853&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/a8cdabe7f7cf212dad155ff8f808f120a41c5853&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4096658" author="xgen-internal-githook" created="Fri, 1 Oct 2021 14:56:51 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/fc05532015895c8907437ea0c06fe83ab6c6f1dc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/fc05532015895c8907437ea0c06fe83ab6c6f1dc&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4096657" author="xgen-internal-githook" created="Fri, 1 Oct 2021 14:56:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-59148&quot; title=&quot;LDAP Authorization cache refresh&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-59148&quot;&gt;&lt;del&gt;SERVER-59148&lt;/del&gt;&lt;/a&gt;: Periodically refresh LDAP users in authorization user cache&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/dda05b26fdf2245bad6386207f7bf7b56185ff56&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/dda05b26fdf2245bad6386207f7bf7b56185ff56&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                                                <inwardlinks description="backports">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="1889154">SERVER-60425</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                        <issuelink>
            <issuekey id="1888207">DOCS-14837</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                        <issuelink>
            <issuekey id="2337436">SERVER-77005</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1545709">SERVER-52940</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001st3diQAA]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 17 Sep 2021 22:23:20 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 13 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-60425'>SERVER-60425</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-1808</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 13 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>mark.benvenuto@mongodb.com</customfieldvalue>
            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzwbwn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hzgiqf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5135">Security 2021-08-23</customfieldvalue>
    <customfieldvalue id="5136">Security 2021-09-06</customfieldvalue>
    <customfieldvalue id="5137">Security 2021-09-20</customfieldvalue>
    <customfieldvalue id="5138">Security 2021-10-04</customfieldvalue>
    <customfieldvalue id="5146">Security 2021-11-01</customfieldvalue>
    <customfieldvalue id="5522">Security 2021-11-15</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzvy5j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>