Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-80952

Track config server LDAP operations on mongos

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security

      Mongos defers user lookup to the config server via the usersInfo command. When this is done for LDAP users, it means that all LDAP searches (and the binds and referrals needed to conduct those searches) are performed on the config server. The metrics tracked during currentOp are therefore reflected on the config server but not on the auth operation on the mongos that dispatched usersInfo on the config server.

      We could try to incorporate these metrics from the config server into the parent auth operation on mongos so that all binds, searches, and referrals performed during a given auth attempt are reflected on mongos, regardless of whether they occurred on the mongos or the config server.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: