Project

General

Profile

Bug #57881

LDAP invalid password resource leak fix

Added by Johannes Liebl 4 months ago. Updated 14 days ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Target version:
% Done:

0%

Source:
Community (user)
Tags:
ldap backport_processed
Backport:
Pacific, Quincy
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I have noticed that in the case a User tries to log in using LDAP with a wrong password, two new LDAP sessions will be opend but not closed.
This has resulted in a massive increase in open connections to our central LDAP after a while.

The issue lies in the ldap implementation (/src/rgw/ldap.h) since it does not unbind the ldap connection if the requests fail.
I will open a pull request shortly.

History

#1 Updated by Johannes Liebl 4 months ago

I created a pull request for a possible fix:
https://github.com/ceph/ceph/pull/48509

#2 Updated by Casey Bodley 4 months ago

  • Status changed from New to Fix Under Review
  • Tags set to ldap
  • Pull request ID set to 48509

#3 Updated by Casey Bodley 3 months ago

  • Assignee set to Matt Benjamin

#4 Updated by J. Eric Ivancich 14 days ago

  • Status changed from Fix Under Review to Pending Backport

#5 Updated by Backport Bot 14 days ago

  • Tags changed from ldap to ldap backport_processed

Also available in: Atom PDF