Bug #57881
openLDAP invalid password resource leak fix
0%
Description
I have noticed that in the case a User tries to log in using LDAP with a wrong password, two new LDAP sessions will be opend but not closed.
This has resulted in a massive increase in open connections to our central LDAP after a while.
The issue lies in the ldap implementation (/src/rgw/ldap.h) since it does not unbind the ldap connection if the requests fail.
I will open a pull request shortly.
Updated by Johannes Liebl over 1 year ago
I created a pull request for a possible fix:
https://github.com/ceph/ceph/pull/48509
Updated by Casey Bodley over 1 year ago
- Status changed from New to Fix Under Review
- Tags set to ldap
- Pull request ID set to 48509
Updated by J. Eric Ivancich over 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot over 1 year ago
- Tags changed from ldap to ldap backport_processed
Updated by Johannes Liebl about 1 year ago
Is there something I can do to help with Backporting?
We would like this fix to be included in v16.2.12 and v17.2.6 if possible.
Updated by Laura Flores about 1 year ago
- Backport changed from Pacific, Quincy to pacific, quincy
Updated by Laura Flores about 1 year ago
- Copied to Backport #59091: pacific: LDAP invalid password resource leak fix added
Updated by Laura Flores about 1 year ago
- Copied to Backport #59092: quincy: LDAP invalid password resource leak fix added
Updated by Laura Flores about 1 year ago
@Johannes, I created the backports using the "backport-create-issue" and "ceph-backport.sh" scripts under src/scripts in the Ceph repository. This is a very simple way to semi-automate backports.
You can see details on how to use those scripts here:
https://github.com/ceph/ceph/blob/main/SubmittingPatches-backports.rst