Details
Improvement
Resolution: Fixed
Major - P3
Fully Compatible
Security 2020-04-20
Description
Currently customers can create config like the following:
    {
      ....
      security: {
      authorization: "enabled",
      clusterAuthMode: "x509",
      ldap: {
      authz: { queryTemplate: "{USER}?memberOf?base" },
      bind: { method: "simple", queryPassword: "<password>", queryUser: "ldapuser@intranet.....com" },
      servers: "ldapad.....",
      transportSecurity: "tls",
      userToDNMapping: ...
      ldapQuery: ...
      sasl: { serviceName: "myKerbService" } },
      setParameter: {
      authenticationMechanisms: "GSSAPI,PLAIN",
      saslServiceName: "myKerbService", saslauthdPath: "/var/run/saslauthd/mux" },
      ...
In the above, both saslauthdPath and security.ldap.servers are configured, although only one can be used when the application requests LDAP authentication.
There should be:
1. A startup warning that conflicting parameters are specified
2. A log line explicitly stating which LDAP method will be used for authentication
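One way to surface this conflict from outside the server, as an added example (not code from this ticket or from MongoDB): a JavaScript check over a configuration object shaped like the one above, for instance the `parsed` document returned by the `getCmdLineOpts` command. The helper name `findLdapConflict` and the sample values are constructed; the check only reports the conflict and does not decide which method the server uses, since the description does not say.

```javascript
// Added example: flag a mongod configuration that sets both LDAP back ends.
// findLdapConflict is a hypothetical helper, not a MongoDB API.
function findLdapConflict(parsed) {
  const setParameter = (parsed && parsed.setParameter) || {};
  const ldap = (parsed && parsed.security && parsed.security.ldap) || {};

  // authenticationMechanisms may be a comma-separated string or an array;
  // String() turns both into "A,B".
  const mechanisms = String(setParameter.authenticationMechanisms || "")
    .split(",")
    .map((m) => m.trim().toUpperCase())
    .filter(Boolean);

  const result = {
    // An explicitly present saslauthdPath key counts as configured, even if empty.
    saslauthd: setParameter.saslauthdPath !== undefined && setParameter.saslauthdPath !== null,
    nativeLdap: typeof ldap.servers === "string" && ldap.servers.trim() !== "",
    plainEnabled: mechanisms.includes("PLAIN"),
    warnings: [],
  };

  if (result.saslauthd && result.nativeLdap) {
    result.warnings.push(
      "conflicting parameters: setParameter.saslauthdPath and " +
        "security.ldap.servers are both configured"
    );
    if (result.plainEnabled) {
      result.warnings.push(
        "PLAIN is enabled: confirm which LDAP method handles authentication"
      );
    }
  }
  return result;
}

// Constructed sample mirroring the configuration in the description.
const sampleConflicting = {
  security: {
    authorization: "enabled",
    ldap: { servers: "ldap.example.net", transportSecurity: "tls" },
  },
  setParameter: {
    authenticationMechanisms: "GSSAPI,PLAIN",
    saslauthdPath: "/var/run/saslauthd/mux",
  },
};
```

An empty `warnings` array means at most one of the two settings is present.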
Issue Links
- is related to DOCS-12947 Configuring both setParameter.saslauthdPath and security.ldap.servers clarification and results (Closed)