Core Server: SERVER-67066

mongod crashes with userToDNMapping '{match: ".+", substitution: "{0}"}'


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor - P4
    • 6.1.0-rc0
    • None
    • None
    • None
    • Minor Change
    • ALL
    • Steps to Reproduce:

      To reproduce this issue, just start a mongod with LDAP enabled with the following userToDNMapping and then try to log in to it (say, mongo --username username --password password --authenticationDatabase '$external' --authenticationMechanism PLAIN).

      security:
        authorization: enabled
        ldap:
          userToDNMapping:
            '{
               match: ".+",
               substitution: "uid={0},ou=DbUsers,dc=mongo,dc=com"
              }'
           ...
      

    • Security 2022-06-27

    Description

      Hi,

      If an LDAP userToDNMapping rule contains no matching group but has 1 or more substitutions, mongod can start up and run but will crash instantly when a mongod user tries to authenticate via LDAP. I was able to reproduce this issue with the latest version of mongod as well as 5.0 and 4.2.15. I believe it also exists in 4.4.

      Regards,
      Lungang
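
A pre-deployment check for the condition this report describes, as an added example that is not part of the original ticket or of MongoDB's code: it flags userToDNMapping rules whose {N} placeholders refer to a capture group the match regex does not define. It assumes the rules are already parsed into dicts, that {N} is zero-based, and that Python's re counts capture groups the way the server's regex engine does; check_rule, check_mapping and the second sample rule are constructed for illustration.

```python
import re

# Matches the {N} placeholders used in substitution / ldapQuery templates.
PLACEHOLDER = re.compile(r"\{(\d+)\}")

def check_rule(rule):
    """Return problems found in one userToDNMapping rule (a dict)."""
    pattern = rule.get("match")
    if not isinstance(pattern, str):
        return ["rule has no 'match' regex"]
    try:
        # Assumption: Python's re counts capture groups like the server does.
        group_count = re.compile(pattern).groups
    except re.error as exc:
        return [f"match {pattern!r} does not compile: {exc}"]
    problems = []
    for field in ("substitution", "ldapQuery"):
        template = rule.get(field)
        if not isinstance(template, str):
            continue
        for ref in PLACEHOLDER.finditer(template):
            index = int(ref.group(1))
            if index >= group_count:  # {N} is zero-based
                problems.append(
                    f"{field} uses {{{index}}} but match {pattern!r} "
                    f"defines {group_count} capture group(s)")
    return problems

def check_mapping(rules):
    """Map rule position -> problems, for rules that have any."""
    report = {}
    for position, rule in enumerate(rules):
        problems = check_rule(rule)
        if problems:
            report[position] = problems
    return report

# Constructed sample: the rule from this report, then a variant with a group.
SAMPLE_RULES = [
    {"match": ".+", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
    {"match": "(.+)", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
]

if __name__ == "__main__":
    for position, problems in check_mapping(SAMPLE_RULES).items():
        for problem in problems:
            print(f"rule {position}: {problem}")
```

Running such a check against the configuration before starting mongod catches the mismatch at review time instead of at the first LDAP login.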


          People

            sara.golemon@mongodb.com Sara Golemon
            lungang.fang@mongodb.com Lungang Fang