- Type: Task
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: mongodb-2.6
- Component/s: manual
- Labels: None
- Environment: ldap/saslauthd
In the LDAP section of the release notes there is a section on saslauthd configuration. That should be amended with the following information:
On systems with /etc/sysconfig/saslauthd (RH, Fedora, CentOS, AWS AMI), make sure MECH is set to ldap (not PAM):
MECH=ldap
On systems with /etc/default/saslauthd, ensure that MECHANISMS is set to ldap:
MECHANISMS="ldap"
To connect to an OpenLDAP server, a saslauthd.conf file like the following can be used:
ldap_servers: <ldap uri, e.g. ldaps://ldap.mydomain.com>
ldap_search_base: ou=Users,dc=example,dc=com
ldap_filter: (uid=%u)
We recommend simplicity for test configurations. Create users in a particular OU and put that OU in the ldap_search_base. Create the users with a uid (shortname) and use that in the ldap_filter parameter.
Your saslauthd configuration can be tested using the testsaslauthd utility:
testsaslauthd -u testuser -p testpassword -s mongod -f /var/run/saslauthd/mux
Information on configuring saslauthd can be found in the OpenLDAP Administrator's Guide.
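
The settings listed above can be checked on a host before running testsaslauthd. The script below is an added example, not part of the original ticket or the MongoDB documentation; the function names and sample files are constructed for illustration, and the ldap:// warning is an extra check the ticket does not mention.

```shell
# Added example: pre-flight checks for the saslauthd settings in this ticket.

# Print the mechanism from a saslauthd defaults file: MECH= in
# /etc/sysconfig/saslauthd, MECHANISMS= in /etc/default/saslauthd.
# Commented-out lines are skipped; the last assignment wins.
saslauthd_mech() {
    sed -n -E 's/^[[:space:]]*(MECH|MECHANISMS)=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 only when the mechanism is exactly "ldap".
check_mech() {
    mech=$(saslauthd_mech "$1")
    if [ "$mech" = "ldap" ]; then
        echo "OK: $1 uses ldap"
    else
        echo "FAIL: $1 mechanism is '${mech:-unset}', expected ldap"
        return 1
    fi
}

# Print the value of one "key: value" entry in saslauthd.conf.
conf_value() {
    sed -n -E "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 when the ticket's three keys are set and ldap_filter uses %u.
check_conf() {
    rc=0
    for key in ldap_servers ldap_search_base ldap_filter; do
        [ -n "$(conf_value "$1" "$key")" ] || { echo "FAIL: $key missing"; rc=1; }
    done
    case "$(conf_value "$1" ldap_filter)" in
        *%u*) ;;
        *) echo "FAIL: ldap_filter does not reference %u"; rc=1 ;;
    esac
    # Extra check, not in the ticket: a plain ldap:// URI needs TLS review.
    case "$(conf_value "$1" ldap_servers)" in
        ldap://*) echo "WARN: ldap_servers is ldap://, confirm TLS is in use" ;;
    esac
    return "$rc"
}

# Constructed sample files (not from a real host) to exercise the checks.
demo=$(mktemp -d)
printf 'SOCKETDIR=/run/saslauthd\nMECH=pam\n' > "$demo/sysconfig"
printf 'ldap_servers: ldaps://ldap.example.com\nldap_search_base: ou=Users,dc=example,dc=com\nldap_filter: (uid=%%u)\n' > "$demo/saslauthd.conf"
check_mech "$demo/sysconfig" || true
check_conf "$demo/saslauthd.conf" && echo "OK: saslauthd.conf has the expected keys"
rm -rf "$demo"
```

On a real host, point check_mech at /etc/sysconfig/saslauthd or /etc/default/saslauthd and check_conf at the saslauthd.conf in use.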