Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32933

Allow mongod to start when unable to reach LDAP server

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Critical - P2 Critical - P2
    • 3.4.14, 3.6.3, 3.7.2
    • Affects Version/s: 3.4.10, 3.6.2
    • Component/s: Security
    • Labels:
    • Fully Compatible
    • v3.6, v3.4
    • Platforms 2018-01-29, Platforms 2018-02-12

      When using "SCRAM-SHA-1, PLAIN" as your authentication mechanism it would be desirable for mongod to start and continue to run, regardless of the state of the LDAP server since SCRAM users will still be able to authenticate. Currently there is a check on startup of mongod that will prevent the server from starting when the LDAP server can not be validated.

      2018-01-26T17:09:40.763+0000 I CONTROL  [main] ***** SERVER RESTARTED *****
      2018-01-26T17:09:44.649+0000 E ACCESS   [main] Failed to bind to LDAP server at default: Can't contact LDAP server. Bind parameters were: {BindDN: cn=read-only-admin,dc=example,dc=com, authenticationType: simple}
      2018-01-26T17:09:44.649+0000 F CONTROL  [main] Failed global initialization: FailedToParse: Can't connect to the specified LDAP servers, error: LDAP bind failed with error: Can't contact LDAP server

            spencer.jackson@mongodb.com Spencer Jackson
            cory.mintz@mongodb.com Cory Mintz
            0 Vote for this issue
            9 Start watching this issue