Bug 1987471

Summary: [RFE] Add config parameter to close client connections on failed BIND
Product: Red Hat Enterprise Linux 9
Reporter: Renaud Marigny <rmarigny>
Component: 389-ds-base
Assignee: Jamie Chapman <jachapma>
Status: VERIFIED
QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: medium
Priority: high
Version: 9.1
CC: bsmejkal, idm-ds-dev-bugs, jachapma, mreynolds, pasik, spichugi, tbordaz, vashirov
Target Milestone: rc
Keywords: FutureFeature, MigratedToJIRA, Triaged
Target Release: 9.3
Flags: tbordaz: needinfo? (rmarigny)
Hardware: x86_64
OS: Linux
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-2.3.4-2.el9
Doc Type: Enhancement
Type: Bug

Description Renaud Marigny 2021-07-29 14:57:18 UTC
Description of problem:

Some customers ask for the possibility to close a client connection (from the RHDS side) when a BIND fails. This is to prevent some malformed applications (that ignore the BIND return code) from loading the server with further requests.

We could, for example, add a config parameter called nsslapd-closure-on-bind-failure for this purpose.

Version-Release number of selected component (if applicable):


How reproducible:

N/A

Steps to Reproduce:

N/A

Actual results:


Expected results:


Additional info:

Comment 10 Viktor Ashirov 2023-07-28 09:56:25 UTC
Automated tests pass:
============================================================= test session starts =============================================================
platform linux -- Python 3.9.17, pytest-7.4.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.17', 'Platform': 'Linux-5.14.0-344.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '7.4.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '3.0.0', 'html': '3.2.0', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.3.4-3.el9
nss: 3.90.0-2.el9_2
nspr: 4.35.0-2.el9_2
openldap: 2.6.3-1.el9
cyrus-sasl: 2.1.27-21.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests
configfile: pytest.ini
plugins: metadata-3.0.0, html-3.2.0, libfaketime-0.1.2, flaky-3.7.0
collected 56 items / 51 deselected / 5 selected

dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry PASSED                                                            [ 20%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_entry_missing_passwd PASSED                                                     [ 40%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_invalid_entry PASSED                                                 [ 60%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_cert_map_failed PASSED                                               [ 80%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_account_lockout PASSED                                               [100%]

========================================== 5 passed, 51 deselected, 35 warnings in 65.44s (0:01:05) ==========================================

Marking as Verified:Tested
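
The client behaviour the description is concerned with (requests that keep arriving on a connection whose BIND failed) can be measured from the access log before deciding whether to close such connections. The following is an added example, not code from this bug or from 389-ds-base; the function name `ops_after_failed_bind` is hypothetical and the log lines are constructed in the 389-ds access log style.

```python
import re
from collections import defaultdict

# Constructed sample lines in the 389-ds access log style (not taken from the bug).
SAMPLE_LOG = """\
[28/Jul/2023:09:50:01.000000001 +0000] conn=7 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[28/Jul/2023:09:50:01.000000002 +0000] conn=7 op=0 BIND dn="uid=app,ou=people,dc=example,dc=com" method=128 version=3
[28/Jul/2023:09:50:01.000000003 +0000] conn=7 op=0 RESULT err=49 tag=97 nentries=0 - Invalid credentials
[28/Jul/2023:09:50:01.000000004 +0000] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=a)" attrs=ALL
[28/Jul/2023:09:50:01.000000005 +0000] conn=7 op=1 RESULT err=0 tag=101 nentries=0
[28/Jul/2023:09:50:01.000000006 +0000] conn=7 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=b)" attrs=ALL
[28/Jul/2023:09:50:02.000000001 +0000] conn=8 op=0 BIND dn="uid=ok,ou=people,dc=example,dc=com" method=128 version=3
[28/Jul/2023:09:50:02.000000002 +0000] conn=8 op=0 RESULT err=0 tag=97 nentries=0
[28/Jul/2023:09:50:02.000000003 +0000] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=c)" attrs=ALL
[28/Jul/2023:09:50:03.000000001 +0000] conn=9 op=0 RESULT err=49 tag=97 nentries=0 - Invalid credentials
[28/Jul/2023:09:50:03.000000002 +0000] conn=9 op=1 UNBIND
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (\w+)(.*)")
ERR = re.compile(r"\berr=(\d+)\b")
BIND_RESPONSE_TAG = "tag=97"   # LDAP BindResponse
SASL_IN_PROGRESS = 14          # multi-step SASL bind, neither success nor failure

def ops_after_failed_bind(log_text):
    """Return {conn: [request types sent while the last BIND on that conn had failed]}."""
    failed = {}                      # conn -> True while the latest BIND result is a failure
    offenders = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                 # connection open/close lines carry no op number
        conn, kind, rest = int(m.group(1)), m.group(3), m.group(4)
        if kind == "RESULT":
            err = ERR.search(rest)
            if err and BIND_RESPONSE_TAG in rest.split():
                code = int(err.group(1))
                if code != SASL_IN_PROGRESS:
                    failed[conn] = code != 0   # a later successful re-BIND clears the flag
        elif kind not in ("BIND", "UNBIND", "ABANDON") and failed.get(conn):
            offenders[conn].append(kind)       # request ignoring the failed BIND
    return dict(offenders)

if __name__ == "__main__":
    print(ops_after_failed_bind(SAMPLE_LOG))
```

Connections that retry the BIND or simply UNBIND after the failure are not reported; only connections that go on to send other requests are.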