Core Server / SERVER-44926

Startup warning when both saslauthd and native LDAP are configured

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.4.0-rc2
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Fully Compatible
    • Security 2020-04-20

      Currently customers can create a config like the following:

      {
        ....
        security: {
          authorization: "enabled",
          clusterAuthMode: "x509",
          ldap: {
            authz: { queryTemplate: "{USER}?memberOf?base" },
            bind: { method: "simple", queryPassword: "<password>", queryUser: "ldapuser@intranet.....com" },
            servers: "ldapad.....",
            transportSecurity: "tls",
            userToDNMapping: ...
            ldapQuery: ...
          sasl: { serviceName: "myKerbService" } },
        setParameter: {
          authenticationMechanisms: "GSSAPI,PLAIN",
          saslServiceName: "myKerbService", saslauthdPath: "/var/run/saslauthd/mux" },
        ...

      In the above, both saslauthdPath and security.ldap.servers are configured, although only one can be used when the application requests LDAP authentication.

      There should be:

      1. A startup warning that conflicting parameters are specified
      2. A log line explicitly stating which LDAP method will be used for authentication

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            nicholas.cottrell@mongodb.com Nic Cottrell
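An offline check for the overlap this ticket describes, added here as an example (it is not MongoDB's startup code). It takes an already-parsed config as a dict; `dig`, `mechanisms`, `audit_ldap_backends` and `SAMPLE_CONFIG` are hypothetical names, and the check does not say which backend mongod picks, because the ticket does not state it.

```python
# Added example: audit a parsed mongod config for the saslauthd / native LDAP overlap.
# SAMPLE_CONFIG is constructed for illustration; host names are placeholders.

def dig(cfg, *path):
    """Walk nested dicts; return None if any level is missing or not a mapping."""
    for key in path:
        if not isinstance(cfg, dict):
            return None
        cfg = cfg.get(key)
    return cfg

def mechanisms(cfg):
    """Normalise authenticationMechanisms (comma string or list) to an upper-case set."""
    raw = dig(cfg, "setParameter", "authenticationMechanisms") or []
    if isinstance(raw, str):
        raw = raw.split(",")
    return {str(m).strip().upper() for m in raw if str(m).strip()}

def audit_ldap_backends(cfg):
    """Return (severity, message) findings for conflicting LDAP authentication settings."""
    sasl_path = dig(cfg, "setParameter", "saslauthdPath")
    servers = dig(cfg, "security", "ldap", "servers")
    # Assumption: an empty saslauthdPath still counts as configured, because
    # mongod documents "" as "use the default saslauthd socket path".
    saslauthd_set = isinstance(sasl_path, str)
    native_set = isinstance(servers, str) and bool(servers.strip())
    if not (saslauthd_set and native_set):
        return []
    # PLAIN is the mechanism clients use for LDAP authentication; without it
    # the overlap is latent rather than live.
    severity = "WARNING" if "PLAIN" in mechanisms(cfg) else "INFO"
    return [(severity,
             "setParameter.saslauthdPath=%r and security.ldap.servers=%r are both "
             "set; only one can be used for LDAP authentication" % (sasl_path, servers))]

SAMPLE_CONFIG = {  # constructed, modelled on the config in the ticket
    "security": {
        "authorization": "enabled",
        "ldap": {"servers": "ldap.example.test", "transportSecurity": "tls"},
    },
    "setParameter": {
        "authenticationMechanisms": "GSSAPI,PLAIN",
        "saslauthdPath": "/var/run/saslauthd/mux",
    },
}

if __name__ == "__main__":
    for severity, message in audit_ldap_backends(SAMPLE_CONFIG):
        print(severity, message)
```

Run it against the parsed contents of each mongod config in a fleet before upgrading, so overlapping settings are cleaned up rather than discovered from the startup warning.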