-
Type:
Improvement
-
Resolution: Works as Designed
-
Priority:
Unknown
-
None
-
Affects Version/s: None
-
None
https://docs.mongodb.com/manual/core/security-ldap-external/ says:
> LDAP and kerberos authentication normally require creating users in the $external database. If you also use LDAP for authorization, you do not need to create users in the $external database. You only need to create the appropriate roles in the admin database. Users still authenticate against the $external database.
I read that as authentication is always done against the $external database.
https://docs.mongodb.com/ruby-driver/master/tutorials/ruby-driver-authentication/ however says:
> For the PLAIN mechanism (LDAP), the default auth source is the database to which the client is connecting; if no database is specified, the $external database is used as the auth source.
This causes an auth spec test failure:
1) Auth connection-string.yml should recognize the mechanism (PLAIN) when the auth configuration is valid creates a client with the correct credentials
Failure/Error: expect(test.received_credential).to eq(test.expected_credential)
expected: {"auth_mech"=>:plain, "auth_source"=>"$external", "password"=>"password", "user"=>"user"}
got: {"auth_mech"=>:plain, "auth_source"=>"admin", "password"=>"password", "user"=>"user"}
(compared using ==)
Diff:
@@ -1,5 +1,5 @@
"auth_mech" => :plain,
-"auth_source" => "$external",
+"auth_source" => "admin",
"password" => "password",
"user" => "user",
# ./spec/spec_tests/auth_spec.rb:37:in `block (7 levels) in <top (required)>'
# ./spec/support/background_thread_registry.rb:65:in `block (2 levels) in <top (required)>'