Bug 1987471 - [RFE] Add config parameter to close client connections on failed BIND [NEEDINFO]
Summary: [RFE] Add config parameter to close client connections on failed BIND
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: 389-ds-base
Version: 9.1
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: rc
: 9.3
Assignee: Jamie Chapman
QA Contact: LDAP QA Team
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-29 14:57 UTC by Renaud Marigny
Modified: 2023-08-02 12:26 UTC (History)
8 users (show)

Fixed In Version: 389-ds-base-2.3.4-2.el9
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:
tbordaz: needinfo? (rmarigny)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 5707 0 None closed RFE - Add config parameter to close client connections on failed BIND 2023-07-20 14:12:31 UTC
Red Hat Issue Tracker IDMDS-2821 0 None None None 2023-03-01 16:15:40 UTC
Red Hat Issue Tracker IDMDS-3086 0 None None None 2023-06-02 05:48:50 UTC
Red Hat Issue Tracker IDMDS-3349 0 None None None 2023-07-12 05:43:29 UTC
Red Hat Issue Tracker RHEL-861 0 None None None 2023-07-26 10:57:52 UTC

Description Renaud Marigny 2021-07-29 14:57:18 UTC 
Description of problem:

Some customers ask for the possibility to close a client connection (from RHDS side) when a BIND is failing. This is to prevent some malformed applications (that ignore BIND return code) to load the server with further requests.

We could for example add a config parameter called  nsslapd-closure-on-bind-failure for this purpose

Version-Release number of selected component (if applicable):


How reproducible:

N/A

Steps to Reproduce:

N/A

Actual results:


Expected results:


Additional info:
Comment 10 Viktor Ashirov 2023-07-28 09:56:25 UTC 
Automated tests pass:
============================================================= test session starts =============================================================
platform linux -- Python 3.9.17, pytest-7.4.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.17', 'Platform': 'Linux-5.14.0-344.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '7.4.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '3.0.0', 'html': '3.2.0', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.3.4-3.el9
nss: 3.90.0-2.el9_2
nspr: 4.35.0-2.el9_2
openldap: 2.6.3-1.el9
cyrus-sasl: 2.1.27-21.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests
configfile: pytest.ini
plugins: metadata-3.0.0, html-3.2.0, libfaketime-0.1.2, flaky-3.7.0
collected 56 items / 51 deselected / 5 selected

dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry PASSED                                                            [ 20%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_entry_missing_passwd PASSED                                                     [ 40%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_invalid_entry PASSED                                                 [ 60%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_cert_map_failed PASSED                                               [ 80%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_disconnect_account_lockout PASSED                                               [100%]

========================================== 5 passed, 51 deselected, 35 warnings in 65.44s (0:01:05) ==========================================

Marking as Verified:Tested
Note You need to log in before you can comment on or make changes to this bug.