The enforceUserClusterSeparation setParameter introduced by SERVER-45938 can be used to disable certain sanity checks in the createUser command, for clusters where they are not relevant.
We should disable the equivalent checks in the authenticate command when this parameter is active, allowing "cluster member" certificates to authenticate as users stored in the $external database.
We should also validate why tests introduced by SERVER-45938 didn't identify that this override wasn't present.
- causes
-
SERVER-73576 enforceUserClusterSeparation authenticate validation incorrect
-
- Closed
-
- is related to
-
SERVER-45938 Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile
-
- Closed
-
- related to
-
SERVER-14655 x.509 certificate authentication requires O,OU to differ between client and server
-
- Closed
-