  1. Documentation
  2. DOCS-8791

LDAP settings for Active Directory do not work


Details

    • Type: Task
    • Resolution: Won't Do
    • Priority: Major - P3
    • Server_Docs_20231030
    • None
    • manual
    • None
    • 2

    Description

      The settings for Configuring LDAP Options with ActiveDirectory would never work in the current version of ActiveDirectory. See: https://docs.mongodb.com/manual/tutorial/configure-ldap-sasl-activedirectory/

      The /etc/saslauthd.conf says to use the following settings:

      ldap_servers: <ldap uri>
      ldap_use_sasl: yes
      ldap_mech: DIGEST-MD5
      ldap_auth_method: fastbind
      

      MD5 does not work in ActiveDirectory by default. In order to make this work, a user would literally have to go through each user in ActiveDirectory, select a checkbox to enable MD5 and then reset the user's password.

      Currently, we use the following configuration, which may not be ideal, but allows users to connect LDAP to ActiveDirectory:

      ldap_servers: <ldap uri>
      ldap_use_sasl: no
      ldap_match: DIGEST-MD5
      ldap_auth_method: bind

      ldap_search_base: <DC=example,DC=domain,DC=com>
      ldap_bind_dn: <CN=Test User,CN=Users,DC=example,DC=domain,DC=com>
      ldap_password: <password>
      

      We do need to do some further research here to provide a better configuration, but as of now, this configuration works better than the current suggestion.
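
A small lint for the two saslauthd.conf variants in this ticket, added here as an example (it is not MongoDB's or the reporter's code). It flags the DIGEST-MD5 SASL bind that the ticket says fails against Active Directory by default and, for the simple-bind workaround, a bind that would cross the network without TLS and a bind password kept in the file. The server URI and password are constructed, and `audit` and its finding names are hypothetical.

```python
def parse_saslauthd_conf(text):
    """Parse saslauthd.conf 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf

def is_yes(conf, key):
    return conf.get(key, "no").lower() == "yes"

def audit(conf):
    """Return (id, message) findings for the settings discussed in the ticket."""
    findings = []
    servers = conf.get("ldap_servers", "").split()
    all_ldaps = bool(servers) and all(s.lower().startswith("ldaps://") for s in servers)
    tls = all_ldaps or is_yes(conf, "ldap_start_tls")
    if is_yes(conf, "ldap_use_sasl"):
        if conf.get("ldap_mech", "").upper() == "DIGEST-MD5":
            findings.append(("digest-md5",
                "SASL DIGEST-MD5 bind: per the ticket, not usable with AD by default"))
    elif not tls:
        findings.append(("cleartext-bind",
            "simple bind over ldap:// without ldap_start_tls sends passwords unencrypted"))
    if "ldap_password" in conf:
        findings.append(("stored-password",
            "bind password is in the file; restrict read access to the saslauthd account"))
    return findings

# Constructed inputs mirroring the ticket's two configurations.
DOCUMENTED = """ldap_servers: ldap://ad.example.com
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind"""
WORKAROUND = """ldap_servers: ldap://ad.example.com
ldap_use_sasl: no
ldap_auth_method: bind
ldap_search_base: DC=example,DC=domain,DC=com
ldap_bind_dn: CN=Test User,CN=Users,DC=example,DC=domain,DC=com
ldap_password: constructed-placeholder"""

if __name__ == "__main__":
    for name, text in (("documented", DOCUMENTED), ("workaround", WORKAROUND)):
        for fid, msg in audit(parse_saslauthd_conf(text)):
            print(f"{name}: [{fid}] {msg}")
```
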


          People

            ravind.kumar Ravind Kumar (Inactive)
            joshua.maag@mongodb.com Joshua Maag

            Dates

              Created:
              Updated:
              Resolved:
              46 weeks, 6 days ago