Bug 1987471
| Summary: | [RFE] Add config parameter to close client connections on failed BIND | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Renaud Marigny <rmarigny> |
| Component: | 389-ds-base | Assignee: | Jamie Chapman <jachapma> |
| Status: | CLOSED ERRATA | QA Contact: | LDAP QA Team <idm-ds-qe-bugs> |
| Severity: | medium | Docs Contact: | Evgenia Martynyuk <emartyny> |
| Priority: | high | ||
| Version: | 9.1 | CC: | bsmejkal, emartyny, idm-ds-dev-bugs, jachapma, mreynolds, pasik, spichugi, tbordaz, vashirov |
| Target Milestone: | rc | Keywords: | FutureFeature, MigratedToJIRA, Triaged |
| Target Release: | 9.3 | Flags: | pm-rhel:
mirror+
|
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | 389-ds-base-2.3.4-2.el9 | Doc Type: | Enhancement |
| Doc Text: |
.Directory Server can now close a client connection if a `bind` operation fails
Previously, when a `bind` operation failed, some applications that ignore the `bind` return code could load Director Server with further requests.
With the new `nsslapd-close-on-failed-bind` configuration attribute under the `cn=config` entry, the server can close a client connection when the `bind` operation fails. As a result,
the server load can be reduced.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-07 08:25:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Renaud Marigny
2021-07-29 14:57:18 UTC
Automated tests pass:
============================================================= test session starts =============================================================
platform linux -- Python 3.9.17, pytest-7.4.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.17', 'Platform': 'Linux-5.14.0-344.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '7.4.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '3.0.0', 'html': '3.2.0', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.3.4-3.el9
nss: 3.90.0-2.el9_2
nspr: 4.35.0-2.el9_2
openldap: 2.6.3-1.el9
cyrus-sasl: 2.1.27-21.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests
configfile: pytest.ini
plugins: metadata-3.0.0, html-3.2.0, libfaketime-0.1.2, flaky-3.7.0
collected 56 items / 51 deselected / 5 selected
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry PASSED [ 20%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_entry_missing_passwd PASSED [ 40%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_invalid_entry PASSED [ 60%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_cert_map_failed PASSED [ 80%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_account_lockout PASSED [100%]
========================================== 5 passed, 51 deselected, 35 warnings in 65.44s (0:01:05) ==========================================
Marking as Verified:Tested
The RN text draft in prepared in the DocText field. Sending to the SME review. RN text passed SME and peer review Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (389-ds-base bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6350 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |