Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Networking
Labels:
None

Assigned Teams:

Server Security
Case:
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

When configured with an external LDAP authentication & authorization, mongod typically performs three LDAP queries using the separate TCP connections:

userToDNMapping processing
to check the provided password
groups retrieval

The proposed solution is to maintain the connection pool to the external LDAP server and reuse those connections to authenticate the MongoDB clients.

The authentication state of a connection needs to be set back to unauthenticated (using an anonymous bind) before the connection will be returned back to the pool.

related to

SERVER-34260 Ability to reuse a single TCP connection from mongod to the LDAP server

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Andrey Brindeyev
Participants:: [DO NOT USE] Backlog - Security Team, Andrey Brindeyev, Jonathan Reams
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Sep 18 2018 08:39:32 PM UTC
Updated:: Dec 06 2022 03:18:10 AM UTC
Resolved:: Jan 24 2019 04:25:50 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates