Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update UnboundID LDAP SDK to 6.0.3 #81568

Merged
merged 1 commit into from
Dec 9, 2021
Merged

Update UnboundID LDAP SDK to 6.0.3 #81568

merged 1 commit into from
Dec 9, 2021

Conversation

tvernum
Copy link
Contributor

@tvernum tvernum commented Dec 9, 2021

The new release contains fixes for leaking threads (see #80305) and
bias in round robin server sets, both of which are relevant to
Elasticsearch security.

Resolves: #80305

@tvernum
Update UnboundID LDAP SDK to 6.0.3
458b347 
The new release contains fixes for leaking threads (see elastic#80305) and
bias in round robin server sets, both of which are relevant to
Elasticsearch security.

Resolves: elastic#80305
@tvernum tvernum added >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.0.0 auto-backport-and-merge v8.1.0 labels Dec 9, 2021
@tvernum tvernum requested a review from ywangd December 9, 2021 05:59
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Dec 9, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

ywangd
ywangd approved these changes Dec 9, 2021
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Do we want to remove this special handling for 6.0.2?

elasticsearch/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java

Lines 203 to 211 in 647e5fe

if (com.unboundid.ldap.sdk.Version.getShortVersionString().equals("unboundid-ldapsdk-6.0.2")) {
// This is the behaviour in 6.0.2, but per it should be fixed in 6.0.3
// See: https://github.com/pingidentity/ldapsdk/issues/118
// See: https://github.com/pingidentity/ldapsdk/commit/2d08c5258c3a62b7c90cd4e878c4a0d25ae01a82
ports.forEach(port -> {
int count = bindCountPerPort.get(port).get();
assertThat("Connections to port [" + port + "]", count, greaterThanOrEqualTo(numberOfIterations));
assertThat("Connections to port [" + port + "]", count, lessThanOrEqualTo(numberOfIterations * (1 + numberToKill)));
});

@tvernum
Copy link
Contributor Author

tvernum commented Dec 9, 2021

Do we want to remove this special handling for 6.0.2?

Yes, but I want to get the upgrade done as a standalone piece so we can close #80305 and then come back and cleanup.

If it resolve #80305 then we can also remove some of the attempted workaround in there.

@tvernum tvernum merged commit f018714 into elastic:master Dec 9, 2021
@tvernum tvernum mentioned this pull request Dec 9, 2021
Merged
@elasticsearchmachine
Copy link
Collaborator

💚 Backport successful

Status Branch Result
8.0

tvernum added a commit to tvernum/elasticsearch that referenced this pull request Dec 9, 2021
@tvernum
Update UnboundID LDAP SDK to 6.0.3 (elastic#81568)
3d3e955 
The new release contains fixes for leaking threads (see elastic#80305) and
bias in round robin server sets, both of which are relevant to
Elasticsearch security.

Resolves: elastic#80305
elasticsearchmachine pushed a commit that referenced this pull request Dec 23, 2021
@tvernum @elasticmachine
Update UnboundID LDAP SDK to 6.0.3 (#81568) (#81581)
ce3457a 
The new release contains fixes for leaking threads (see #80305) and
bias in round robin server sets, both of which are relevant to
Elasticsearch security.

Resolves: #80305

Co-authored-by: Elastic Machine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ywangd ywangd ywangd approved these changes

Assignees
No one assigned
Labels
>non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.0.0-rc2 v8.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SearchGroupsResolverInMemoryTests leaking threads
5 participants
@tvernum @elasticmachine @elasticsearchmachine @ywangd @pugnascotia