Details
Task
Resolution: Won't Do
Major - P3
Description
The settings for Configuring LDAP Options with ActiveDirectory would never work in the current version of ActiveDirectory. See: https://docs.mongodb.com/manual/tutorial/configure-ldap-sasl-activedirectory/
The /etc/saslauthd.conf says to use the following settings:
    ldap_servers: <ldap uri>
    ldap_use_sasl: yes
    ldap_mech: DIGEST-MD5
    ldap_auth_method: fastbind
MD5 does not work in ActiveDirectory by default. In order to make this work, a user would literally have to go through each user in ActiveDirectory, select a checkbox to enable MD5 and then reset the user's password.
Currently, we use the following configuration which may not be ideal, but allows users to connect LDAP to ActiveDirectory:
    ldap_servers: <ldap uri>
    ldap_use_sasl: no
    ldap_match: DIGEST-MD5
    ldap_auth_method: bind
    ldap_search_base: <DC=example,DC=domain,DC=com>
    ldap_bind_dn: <CN=Test User,CN=Users,DC=example,DC=domain,DC=com>
    ldap_password: <password>
We do need to do some further research here to provide a better configuration, but as of now, this configuration works better than the current suggestion.
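
The following is an added example, not part of the ticket or of the MongoDB documentation: a small linter that checks a saslauthd.conf for the DIGEST-MD5 setting the ticket reports as failing against ActiveDirectory, and for two things to review in the simple-bind workaround (bind without TLS, and the bind password stored in the file). The finding codes, the host name ad.example.com and the sample password are constructed; ldap_start_tls and ldap_bind_pw are saslauthd LDAP options that do not appear in the ticket.

```python
# Added example: lint a saslauthd.conf for the settings discussed in this ticket.
def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf

def enabled(conf, key):
    # Assumption: "yes"/"on"/"true"/"1" count as enabled; anything else is off.
    return conf.get(key, "no").lower() in ("yes", "on", "true", "1")

def lint(text):
    """Return a list of finding codes for one saslauthd.conf body."""
    conf = parse_conf(text)
    findings = []
    use_sasl = enabled(conf, "ldap_use_sasl")
    if use_sasl and conf.get("ldap_mech", "").upper() == "DIGEST-MD5":
        # Per the ticket: MD5 does not work in ActiveDirectory by default.
        findings.append("DIGEST_MD5_VS_AD")
    if not use_sasl:
        # Simple bind sends the password as-is, so the transport must be TLS.
        uris = conf.get("ldap_servers", "").split()
        plain = [u for u in uris if not u.lower().startswith("ldaps://")]
        if plain and not enabled(conf, "ldap_start_tls"):
            findings.append("CLEARTEXT_SIMPLE_BIND")
    if "ldap_password" in conf or "ldap_bind_pw" in conf:
        # Service-account secret on disk: the file should be readable by root only.
        findings.append("BIND_SECRET_IN_FILE")
    return findings

# Constructed samples based on the two configurations in the ticket.
DOCUMENTED = """ldap_servers: ldap://ad.example.com
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind
"""
WORKAROUND = """ldap_servers: ldap://ad.example.com
ldap_use_sasl: no
ldap_auth_method: bind
ldap_search_base: DC=example,DC=domain,DC=com
ldap_bind_dn: CN=Test User,CN=Users,DC=example,DC=domain,DC=com
ldap_password: not-a-real-password
"""

if __name__ == "__main__":
    for name, body in (("documented", DOCUMENTED), ("workaround", WORKAROUND)):
        print(name, lint(body))
```

Pointing ldap_servers at an ldaps:// URI, or adding ldap_start_tls: yes, clears the CLEARTEXT_SIMPLE_BIND finding for the workaround configuration.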