SERVER-35566

setParameter.saslauthdPath no longer defaults to /var/run/saslauthd/mux

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0-rc6, 4.1.1
    • Component/s: Security
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.0
    • Steps To Reproduce:
      Start MongoDB 4.0.0-rc4 with LDAP: mongod --dbpath=db1 --setParameter authenticationMechanisms=PLAIN

      Connect via the shell and attempt to authenticate:

      MongoDB Enterprise > use $external
      switched to db $external
      MongoDB Enterprise > db.auth({mechanism: "PLAIN", user: "user", pwd: "supersecure", digestPassword: false})
      Error: Authentication failed.
      0
      

    • Sprint:
      Platforms 2018-06-18

      Description

      I've noticed that when using LDAP with saslauthd, saslauthdPath no longer defaults to /var/run/saslauthd/mux starting in MongoDB 4.0.

      Authenticating using LDAP fails and I get the following error messages in the log:

      2018-06-12T20:18:41.076+0000 E ACCESS   [conn1] Failed to bind to LDAP server at default: Can't contact LDAP server. Bind parameters were: {BindDN: automation-agent, authenticationType: simple}
      2018-06-12T20:18:41.076+0000 I ACCESS   [conn1] SASL PLAIN authentication failed for automation-agent on $external from client 127.0.0.1:43584 ; OperationFailed: LDAP bind failed with error: Can't contact LDAP server
      

      I am able to authenticate successfully if I downgrade to MongoDB 3.6 or specify saslauthdPath.

      This is problematic for users upgrading existing LDAP deployments that do not specify saslauthdPath and depend on it defaulting to /var/run/saslauthd/mux. Such deployments will break upon upgrading to MongoDB 4.0.
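
A pre-upgrade check for the condition described above, added here as an example; it is not part of the original report or of MongoDB's code. It inspects a `getCmdLineOpts` result and flags a server that enables PLAIN without an explicit saslauthdPath. The function name, the sample documents, and the assumed layout of `parsed` (setParameter values under `parsed.setParameter`, native LDAP servers under `parsed.security.ldap.servers`) are assumptions.

```javascript
// Added example: flag deployments that rely on the old saslauthdPath default.
// Assumption: opts.parsed mirrors the config-file layout of the server options.
function checkSaslauthdPath(opts) {
  var parsed = (opts && opts.parsed) || {};
  var params = parsed.setParameter || {};
  // authenticationMechanisms is a comma-separated list, e.g. "SCRAM-SHA-1,PLAIN".
  var mechs = String(params.authenticationMechanisms || "")
    .split(",")
    .map(function (m) { return m.trim(); });

  if (mechs.indexOf("PLAIN") === -1) {
    return { atRisk: false, reason: "PLAIN mechanism is not enabled" };
  }
  // Assumption: when native LDAP servers are configured, PLAIN is not
  // proxied through saslauthd, so the socket path is irrelevant.
  var ldap = (parsed.security && parsed.security.ldap) || {};
  if (ldap.servers) {
    return { atRisk: false, reason: "native LDAP servers are configured" };
  }
  var path = params.saslauthdPath;
  if (typeof path === "string" && path.trim() !== "") {
    return { atRisk: false, reason: "saslauthdPath is set explicitly: " + path };
  }
  return {
    atRisk: true,
    reason: "PLAIN is enabled and saslauthdPath is not set; " +
      "set it explicitly (e.g. /var/run/saslauthd/mux) before upgrading"
  };
}

// Constructed sample: options matching the reproduction command in this report.
var REPRO_OPTS = {
  parsed: {
    setParameter: { authenticationMechanisms: "PLAIN" },
    storage: { dbPath: "db1" }
  }
};
// Constructed sample: the same server with the path given explicitly.
var FIXED_OPTS = {
  parsed: {
    setParameter: {
      authenticationMechanisms: "PLAIN",
      saslauthdPath: "/var/run/saslauthd/mux"
    }
  }
};
```

In the mongo shell the function can be given the live result of `db.adminCommand({getCmdLineOpts: 1})` instead of the constructed samples.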

            People

            Assignee:
            sara.golemon Sara Golemon
            Reporter:
            tim.olsen Timothy Olsen