Details
Task
Resolution: Done
Major - P3
mongodb-2.6
Description
1. On the release notes page, there is no mention of installing LDAP; however, the link below gives a valuable summary of how to do it, step by step. We should link to something that doesn't leave the users wondering.
For anyone who wants to test, we should encourage those persons to actually create an organization, org unit, and at least a user in it.
http://docs.adaptivecomputing.com/viewpoint/hpc/Content/topics/1-setup/installSetup/settingUpOpenLDAPOnCentos6.htm
2. In the Configuration section of "LDAP Support for Authentication" in the release notes, it should be noted that the saslauthd.conf file for saslauthd daemon shall reside in the /etc folder.
3. We should mention that we either assume that LDAP is already installed somewhere and accessible from the machine on which SASL was installed, or, if someone follows everything from step 1, they should add users whose LDIF entries actually contain a key-value pair with the key being uid specifically, and the value being their user ID.
This is crucial as a new user will not know that the filter on the authentication is being done on the uid attribute. If it was e-mail, then the setting,
"ldap_filter: (uid=%u)"
would change to
"ldap_filter: (email=%u)"
necessitating a corresponding 'email' attribute.
In addition, we should mention that if the user installed LDAP on the local machine, they can use ldap://localhost:389 as their "ldap_servers" setting.
The setting:
"ldap_search_base: ou=Users,dc=example,dc=com" is only relevant if the steps to set up ldap include all of the users in the organizational Unit of users under dc=example,dc=com. And that should be explained or linked to.
4. We ask the user to test the saslauthd facility by running the testsaslauthd tool with the following command:
"testsaslauthd -u testuser -p testpassword -s mongod -f /var/run/saslauthd/mux"
It is important to realize that '-s mongod' is not required. Just to verify that saslauthd is installed and working correctly with the LDAP server, only the -u, -p and -f parameters are needed.
5. mongod must be launched with --auth; thus we should also mention that the mongod.conf file should have auth=true in addition to the parameters that are mentioned.
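
A pre-flight check for point 3, as an added example that is not part of the original ticket or of MongoDB's documentation: it reads the attribute named in ldap_filter and the ldap_search_base from a saslauthd.conf and reports which LDIF entries the saslauthd lookup would find. The configuration and LDIF samples are constructed, parse_pairs and check_users are hypothetical helper names, and only simple (attr=%u) filters and unfolded, non-base64 LDIF lines are handled.

```python
import re

# Constructed sample inputs (not taken from the ticket's environment).
SASLAUTHD_CONF = """\
ldap_servers: ldap://localhost:389
ldap_search_base: ou=Users,dc=example,dc=com
ldap_filter: (uid=%u)
"""
LDIF = """\
dn: uid=testuser,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: testuser

dn: cn=jane,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
mail: jane@example.com

dn: uid=svc,ou=Services,dc=example,dc=com
objectClass: account
uid: svc
"""

def parse_pairs(block):
    """Split 'key: value' lines into {key: [values]} (no LDIF folding/base64)."""
    pairs = {}
    for line in block.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            pairs.setdefault(key.strip().lower(), []).append(value.strip())
    return pairs

def check_users(conf_text, ldif_text):
    """Map each LDIF dn to 'ok' or the reason the saslauthd lookup would miss it."""
    conf = parse_pairs(conf_text)
    match = re.fullmatch(r"\((\w+)=%u\)", conf["ldap_filter"][0])
    if not match:
        raise ValueError("only simple (attr=%u) filters are handled here")
    attr = match.group(1).lower()  # attribute the username is matched against
    base = conf["ldap_search_base"][0].lower().replace(" ", "")
    report = {}
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        entry = parse_pairs(block)
        dn = entry["dn"][0]
        if not dn.lower().replace(" ", "").endswith("," + base):
            report[dn] = "outside ldap_search_base"
        elif attr not in entry:
            report[dn] = "no '%s' attribute" % attr
        else:
            report[dn] = "ok"
    return report
```

Calling check_users(SASLAUTHD_CONF, LDIF) returns one verdict per entry; any entry not marked "ok" would fail testsaslauthd even with a correct password, because the search never returns it.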