[ldap auth] Handle closed control connection #2606

Closed
arielshaqed opened this issue Oct 26, 2021 · 0 comments · Fixed by #2613
Labels: area/auth (IAM, authorization, authentication, audit, AAA, and integrations with all those); bug (Something isn't working); pr/high-priority (Pull requests that should be reviewed first)

Comments

@arielshaqed
Contributor

Our LDAP library does not keep the control connection alive. So if it closes (e.g. 1-hour timeout overnight) LDAP authentication is lost.

Re-open control connection as needed.

arielshaqed self-assigned this Oct 26, 2021
arielshaqed added the area/auth, bug, and pr/high-priority labels Oct 26, 2021
arielshaqed added a commit that referenced this issue Oct 26, 2021
Add much shorter LDAP timeouts to the control connection so users do not
need to wait for minutes to fail to login.

The control connection may close at any time, because TCP.  When it does
re-open it on the *next* connection attempt.  (The first attempted login
after being disconnected may fail.  I consider this a feature because it
will rarely happen, the user will try again to login, and if the attempt
just made is what caused the server to fail then we should give the user
some feedback.)

Fixes #2606.
arielshaqed added a commit that referenced this issue Oct 27, 2021
* Re-open control connection after it closes, and add timeouts

Add much shorter LDAP timeouts to the control connection so users do not
need to wait for minutes to fail to login.

The control connection may close at any time, because TCP.  When it does
re-open it on the *next* connection attempt.  (The first attempted login
after being disconnected may fail.  I consider this a feature because it
will rarely happen, the user will try again to login, and if the attempt
just made is what caused the server to fail then we should give the user
some feedback.)

Fixes #2606.

* Name LDAP timeouts

Not on configuration because of impossibility to set default values on
optional subobjects when using viper.  Defer on this until a real user
requirement for this shows up.
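
The reopen-on-the-next-attempt behaviour described in the commit messages above, as an added Go example that is not the project's code. `controlConn`, `Authenticator`, `Lookup` and the timeout values are hypothetical, and `controlConn` is a constructed stand-in for an LDAP library connection, so it only receives the search timeout and does not enforce it.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

const dialTimeout, searchTimeout = 2 * time.Second, 5 * time.Second // named; values are assumptions

// controlConn is a constructed stand-in for a bound LDAP control connection.
type controlConn struct{ closed bool }

func (c *controlConn) search(user string, _ time.Duration) (string, error) {
	if c.closed {
		return "", errors.New("control connection closed")
	}
	return "uid=" + user + ",ou=people,dc=example,dc=com", nil
}

// Authenticator opens the control connection lazily and drops it on failure.
type Authenticator struct {
	mu   sync.Mutex
	conn *controlConn
	dial func(timeout time.Duration) (*controlConn, error)
}

// Lookup fails if the connection died, and clears it so the next call redials.
func (a *Authenticator) Lookup(user string) (dn string, err error) {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.conn == nil {
		if a.conn, err = a.dial(dialTimeout); err != nil {
			return "", fmt.Errorf("open control connection: %w", err)
		}
	}
	if dn, err = a.conn.search(user, searchTimeout); err != nil {
		a.conn = nil // reopened on the next attempt, not this one
		return "", fmt.Errorf("lookup %q: %w", user, err)
	}
	return dn, nil
}

func main() {
	live := func(time.Duration) (*controlConn, error) { return &controlConn{}, nil }
	a := &Authenticator{conn: &controlConn{closed: true}, dial: live} // constructed: idle connection already dropped
	fmt.Println(a.Lookup("alice")) // fails once; the dead connection is discarded
	fmt.Println(a.Lookup("alice")) // succeeds after redialing
}
```

A real LDAP client would discard the connection only on network-level errors, so that an ordinary "no such user" result does not force a redial.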