Core Server / SERVER-27402

Unnecessary LDAP option for mongos


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.5.2
    • Component/s: Security, Usability
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Backport Requested:
      v3.4
    • Sprint:
      Platforms 2017-01-23

      Description

      The "LDAP Module Options" section of mongos --help reads:

      LDAP Module Options:
        --ldapServers arg                     Comma separated list of LDAP servers on
                                              format  host:port
        --ldapTransportSecurity arg (=tls)    Transport security used between MongoDB
                                              and remote LDAP server(none|tls)
        --ldapBindMethod arg (=simple)        Authentication scheme to use while
                                              connecting to LDAP. This may either be
                                              'sasl' or 'simple'
        --ldapBindSaslMechanisms arg (=DIGEST-MD5)
                                              Comma separated list of SASL mechanisms
                                              to use while binding to the LDAP server
        --ldapTimeoutMS arg (=10000)          Timeout for LDAP queries (ms)
        --ldapQueryUser arg                   LDAP entity to bind with to perform
                                              queries
        --ldapQueryPassword arg               Password to use while binding to the
                                              LDAP server to perform queries
        --ldapAuthzQueryTemplate arg          Relative LDAP query URL which will be
                                              queried against the host to acquire
                                              LDAP groups. The token {USER} will be
                                              replaced with the mapped username
        --ldapUserToDNMapping arg (=[{match: "(.+)", substitution: "{0}"}])
                                              Tranformation from MongoDB users to
                                              LDAP user DNs
      

      However, the --ldapAuthzQueryTemplate option should not be available for a mongos.
