Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12786

Docs for SERVER-40442: Re-fetch an externally stored password when LDAP bind fails using a service account

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.1
    • Component/s: manual, Server
    • Labels:
      None

      Description

      Description

      Description:

      The ldapQueryPassword setParameter now accepts either a string or an array of strings as password for running LDAP queries. If set to an array of passwords, it will try each one until one succeeds. This can be used to perform a rollover of the LDAP account's password without downtime for mongodb.

      Engineering Ticket Description:

      When an externally stored password for the LDAP service account gets changed, MongoDB Enterprise Server must somehow be able to obtain the fresh password. This can be accomplished by allowing it to know multiple potential passwords for service accounts in order to enable rotation.

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              zach.carr Zachary Carr
              Reporter:
              kay.kim Kay Kim (Inactive)
              Participants:
              Last commenter:
              Zachary Carr
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                5 weeks, 2 days ago
                Date of 1st Reply: