Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-67066

mongod crashes with userToDNMapping '{match: ".+", substitution: "{0}"}'

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 6.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Minor Change
    • ALL
    • Hide

      To reproduce this issue, just start a mongod with LDAP enabled with the following userToDNMapping and then try to login it (say mongo --username username --password password --authenticationDatabase '$external' --authenticationMechanism PLAIN).

      security:
  authorization: enabled
  ldap:
    userToDNMapping:
      '{
         match: ".+",
         substitution: "uid={0},ou=DbUsers,dc=mongo,dc=com"
        }'
     ...
      Show
      To reproduce this issue, just start a mongod with LDAP enabled with the following userToDNMapping and then try to login it (say mongo --username username --password password --authenticationDatabase '$external' --authenticationMechanism PLAIN ). security: authorization: enabled ldap: userToDNMapping: '{ match: ".+" , substitution: "uid={0},ou=DbUsers,dc=mongo,dc=com" }' ...
    • Security 2022-06-27

      Hi,

      If a LDAP userToDNMapping rule contains no matching group but has 1 or more substitutions, mongod can start up and run but will crash instantly when a mongod user tries to authenticate via LDAP. I was able to reproduce this issue with the latest version of mongod as well as 5.0 and 4.2.15. I believe it also exists in 4.4.

      Regards,
      Lungang

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            lungang.fang@mongodb.com Lungang Fang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: