Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28653

MongoLDAP shouldn't print "FAIL" in correct environments

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 4.1.1
    • None
    • Security
    • Fully Compatible
    • Platforms 2018-06-18

    Description

      Here is a mongoldap log, in which everything works correctly. LDAP authorization is disabled, so we're just testing LDAP authentication.

      sajack@spencerLaptop /home/sajack/mongo git master () % LDAPTLS_CACERT=/home/sajack/mongo-enterprise-modules/jstests/external_auth/assets/ldaptest-ca.pem ./mongoldap --ldapServers ldaptest.10gen.cc --user cn=ldapz_kerberos1,ou=Users,dc=10gen,dc=cc --password Secret123
      Running MongoDB LDAP authorization validation checks...
      Version: 0.0.0
       
      Checking that an LDAP server has been specified...
      [OK] LDAP server found
       
      Connecting to LDAP server...
      [OK] Connected to LDAP server
       
      Attempting to authenticate against the LDAP server...
      [OK] Successful authentication performed
       
      Checking if LDAP authorization has been enabled by configuration...
      [FAIL] LDAP authorization is not enabled, the configuration will require internal users to be maintained
      	* Make sure you have 'security.ldap.authz.queryTemplate' in your configuration
      

      Reading the last entry, and the all caps "FAIL" statement, an administrator may believe this process has failed.

      This is not necessarily helpful, and may make a user believe something bad has happened when everything is actually fine.

      Non-fatal assertions should probably fail with the string "INFO" in the left hand side of the output.

      Attachments

        Activity

          People

            kashish.garg Kashish Garg
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: