Skip to content

A dead LDAP upstream can block the authentication and show global variables. #51883

New issue
New issue
Closed
#51927
#51912
Closed
A dead LDAP upstream can block the authentication and show global variables.#51883
#51927
#51912
Assignees
YangKeao
Labels
affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.sig/sql-infraSIG: SQL Infratype/enhancementThe issue or PR belongs to an enhancement.
@YangKeao

Description

@YangKeao
YangKeao
opened on Mar 19, 2024

Enhancement

Some functions about LDAP don't have timeout mechanism (e.g. StartTLS), therefore, the RLock of it cannot be released until the upstream returns.

I'd like to address the following enhancement:

  1. Don't include any network / IO in the RLock. An RLock in golang can block the Lock, and a pending write lock will blocks all other RLock, which will make the things much worse.
  2. Add timeout mechanism for LDAP functions.
  3. Add metrics for them.

Metadata

Metadata

Assignees

Labels

affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.sig/sql-infraSIG: SQL Infratype/enhancementThe issue or PR belongs to an enhancement.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions