Bug #100334 Hanging LDAP request blocks shutdown of server
Submitted: 27 Jul 2020 14:19
Modified: 28 Jul 2020 13:59
Reporter: Oli Sennhauser
Status: Verified
Category: MySQL Server: Pluggable Authentication
Severity: S4 (Feature request)
Version: 8.0.21
OS: Linux (n.a.)
Assigned to:
CPU Architecture: x86 (n.a.)
Tags: hanging, LDAP, shutdown, timeout

[27 Jul 2020 14:19] Oli Sennhauser
Description:
We had a connection problem with the LDAP server.
Authentication failed/hung.
Then we wanted to restart MySQL server (because of other reasons).
Shutdown took about 12 minutes (hung in LDAP connect).

We assume the LDAP connection timeout is not set because we see messages like this:

wait4msg ld 0x72ad490 msgid 7 (infinite timeout)

In LDAP, timeouts can be configured: server timeout, client timeout. We cannot specify an LDAP client timeout in MySQL. Or at least we haven't found a possibility to configure LDAP authentication.

We found the following reference:

https://docs.oracle.com/cd/E12530_01/oam.1014/b32419/ldappure.htm

"Make sure the Maximum Session Time (in seconds) is less than the Active Directory Idle Timeout (typically less than 600 seconds)."

How to repeat:
Simulate LDAP problems. Possibly a simple LDAP shutdown after a first successful connect can simulate it already.

Suggested fix:
Implement LDAP client timeout.

[27 Jul 2020 14:27] Oli Sennhauser
MySQL Error Log of hanging LDAP request with shutdown

Attachment: mysql_error.log (text/x-log), 37.14 KiB.

[28 Jul 2020 13:59] MySQL Verification Team
Hello Oli Sennhauser,

Thank you for the report and feedback.
Verifying as a feature request after discussing with Developer (Yashwant Sahu) since this required implementation of a timeout.

regards,
Umesh
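
The failure mode in this report, as an added example that is not part of the original bug report or of MySQL's code: a client waits for an LDAP BindResponse from a server that accepts the connection but never answers, and a client-side timeout bounds that wait. The stalled server, the function names and the 0.5-second value are constructed for illustration, and plain sockets stand in for the LDAP client library.

```python
import socket
import threading
import time

# Anonymous LDAPv3 simple BindRequest (messageID 1), BER-encoded.
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")


def start_stalled_server():
    """Constructed stand-in for a hung LDAP server: accepts TCP, never replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    held = []  # keep accepted sockets open so the client never sees EOF

    def accept_loop():
        try:
            while True:
                held.append(srv.accept()[0])
        except OSError:
            pass  # listener closed

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def bind_with_deadline(port, timeout_s):
    """Send the bind; wait at most timeout_s for a reply (None = wait forever)."""
    start = time.monotonic()
    with socket.create_connection(("127.0.0.1", port), timeout=timeout_s) as s:
        s.sendall(BIND_REQUEST)
        try:
            return ("reply", s.recv(4096))
        except socket.timeout:
            # Control returns to the caller, so a shutdown path is not blocked.
            return ("timeout", time.monotonic() - start)


def demo():
    srv, port = start_stalled_server()
    try:
        return bind_with_deadline(port, timeout_s=0.5)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Passing `timeout_s=None` makes the same call block until the peer answers or the connection drops, which corresponds to the unbounded wait shown in the log line above.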