mongod crashes with userToDNMapping '{match: ".+", substitution: "{0}"}'


    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor - P4
    • 6.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Minor Change
    • ALL

      To reproduce this issue, just start a mongod with LDAP enabled with the following userToDNMapping and then try to log in to it (say mongo --username username --password password --authenticationDatabase '$external' --authenticationMechanism PLAIN).

      security:
        authorization: enabled
        ldap:
          userToDNMapping:
            '{
               match: ".+",
               substitution: "uid={0},ou=DbUsers,dc=mongo,dc=com"
              }'
           ...
      
    • Security 2022-06-27
    • 3

      Hi,

      If an LDAP userToDNMapping rule contains no matching group but has 1 or more substitutions, mongod can start up and run but will crash instantly when a mongod user tries to authenticate via LDAP. I was able to reproduce this issue with the latest version of mongod as well as 5.0 and 4.2.15. I believe it also exists in 4.4.

      Regards,
      Lungang
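
A pre-deployment check for the rule shape described in this report, as an added example that is not part of the original ticket or MongoDB's own code: it flags any userToDNMapping rule whose substitution or ldapQuery template references a {N} placeholder that has no corresponding capture group in match. It assumes the rules are already parsed into dicts and counts groups with Python's re module, which may differ from the server's regex engine on unusual patterns; check_rule, check_mapping and SAMPLE_RULES are names chosen here.

```python
import re

PLACEHOLDER = re.compile(r"\{(\d+)\}")  # {0}, {1}, ... in a template


def check_rule(rule):
    """Return a list of problems for one rule dict ('match' plus a template)."""
    match = rule.get("match")
    if not isinstance(match, str):
        return ["rule has no 'match' string"]
    problems = []
    templates = [(k, rule[k]) for k in ("substitution", "ldapQuery") if k in rule]
    if len(templates) != 1:
        problems.append("rule needs exactly one of 'substitution' or 'ldapQuery'")
    try:
        # Assumption: Python's group count matches the server's for this pattern.
        groups = re.compile(match).groups
    except re.error as exc:
        return problems + [f"match does not compile: {exc}"]
    for key, template in templates:
        for m in PLACEHOLDER.finditer(str(template)):
            idx = int(m.group(1))
            if idx >= groups:  # {0} is the first capture group
                problems.append(
                    f"{key} uses {{{idx}}} but match {match!r} "
                    f"has {groups} capture group(s)"
                )
    return problems


def check_mapping(rules):
    """Return {rule_index: [problems]} for every rule with a problem."""
    report = {i: check_rule(r) for i, r in enumerate(rules)}
    return {i: p for i, p in report.items() if p}


# Constructed sample input: rule 0 is the rule from the report, rule 1 is the
# same rule with a capture group, rule 2 is a made-up ldapQuery rule.
SAMPLE_RULES = [
    {"match": ".+", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
    {"match": "(.+)", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
    {"match": "(.+)@(.+)", "ldapQuery": "ou=DbUsers,dc=mongo,dc=com??one?(uid={2})"},
]

if __name__ == "__main__":
    for index, problems in check_mapping(SAMPLE_RULES).items():
        for problem in problems:
            print(f"rule {index}: {problem}")
```
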

              Assignee:
              Sara Golemon (Inactive)
              Reporter:
              Lungang Fang
              Votes:
              0
              Watchers:
              4
