Documentation / DOCS-1612

saslauthd configuration needs additional details to avoid common mistakes


Details

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • mongodb-2.6
    • mongodb-2.6
    • manual
    • None
    • ldap/saslauthd

    Description

      In the LDAP section of the release notes there is a section on saslauthd configuration. That should be amended with the following information:

      On systems with /etc/sysconfig/saslauthd (RH, Fedora, CentOS, AWS AMI), make sure MECH is set to ldap (not PAM):

      MECH=ldap

      On systems with /etc/default/saslauthd, ensure that MECHANISMS is set to ldap:

      MECHANISMS="ldap"

      To connect to an openLDAP server, a saslauthd.conf file like the following can be used:

      ldap_servers: <ldap uri, e.g. ldaps://ldap.mydomain.com>
      ldap_search_base: ou=Users,dc=example,dc=com
      ldap_filter: (uid=%u)

      We recommend simplicity for test configurations. Create users in a particular OU and put that OU in the ldap_search_base. Create the users with a uid (shortname) and use that in the ldap_filter parameter.

      Your saslauthd configuration can be tested using the testsaslauthd utility:

      testsaslauthd -u testuser -p testpassword -s mongod -f /var/run/saslauthd/mux

      Information on configuring saslauthd can be found in the OpenLDAP Administrator's Guide.
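
      A lint for the settings listed above, as an added example that is not part of the original ticket. The function names, the `--system` switch and the default /etc/saslauthd.conf path are assumptions; pass your own saslauthd.conf path if it differs.

```shell
#!/bin/sh
# check_mech FILE VAR: succeed only if VAR (MECH or MECHANISMS) is ldap.
check_mech() {
    file=$1; var=$2
    # Last uncommented assignment wins; strip quotes and whitespace.
    val=$(sed -n "s/^[[:space:]]*$var=//p" "$file" | tail -n 1 | tr -d "\"' \t\r")
    if [ "$val" = "ldap" ]; then
        echo "OK:   $file: $var=ldap"
    else
        echo "FAIL: $file: $var is '${val:-unset}', expected ldap"
        return 1
    fi
}

# conf_get FILE KEY: print the value of "KEY: value" from saslauthd.conf.
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# check_conf FILE: the three keys from the ticket must be present, and the
# filter must substitute the login name (%u, or %U for the user part only).
check_conf() {
    conf=$1; bad=0
    for key in ldap_servers ldap_search_base ldap_filter; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "FAIL: $conf: $key is missing or empty"; bad=1
        fi
    done
    case "$(conf_get "$conf" ldap_filter)" in
        *%[uU]*) ;;
        *) echo "FAIL: $conf: ldap_filter has no %u placeholder"; bad=1 ;;
    esac
    return $bad
}

# lint_system [CONF]: check whichever distro file exists, then CONF.
# /etc/saslauthd.conf is an assumed default path, not taken from the ticket.
lint_system() {
    rc=0
    [ ! -f /etc/sysconfig/saslauthd ] || check_mech /etc/sysconfig/saslauthd MECH || rc=1
    [ ! -f /etc/default/saslauthd ] || check_mech /etc/default/saslauthd MECHANISMS || rc=1
    check_conf "${1:-/etc/saslauthd.conf}" || rc=1
    return $rc
}

if [ "${1:-}" = "--system" ]; then lint_system "${2:-}"; fi
```

      Once the lint passes, restart saslauthd and confirm end-to-end authentication with the testsaslauthd command shown above.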

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            michael.grundy Michael Grundy

            Dates

              Created:
              Updated:
              Resolved:
              10 years, 35 weeks, 1 day ago