-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Labels:None
Description
Description:
The ldapQueryPassword setParameter now accepts either a string or an array of strings as password for running LDAP queries. If set to an array of passwords, it will try each one until one succeeds. This can be used to perform a rollover of the LDAP account's password without downtime for mongodb.
Engineering Ticket Description:
When an externally stored password for the LDAP service account gets changed, MongoDB Enterprise Server must somehow be able to obtain the fresh password. This can be accomplished by allowing it to know multiple potential passwords for service accounts in order to enable rotation.
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
- documents
-
SERVER-40442 Re-fetch an externally stored password when LDAP bind fails using a service account
- Closed