Do not strip spaces (if present) in DN attributes for tlsX509ClusterAuthDNOverride

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL
    • Hide 
      {setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012}

      GerParameter result: 

      {O=Barclays PLC,OU=367617758012}
      Show
      {setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012} GerParameter result: {O=Barclays PLC,OU=367617758012}
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      It seems as if the server removes the spaces between attributes in DNs for the tlsX509ClusterAuthDNOverride setparam:  https://github.com/mongodb/mongo/blob/master/src/mongo/util/net/ssl_manager.cpp#L462

      For example:

      {setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012}

// GerParameter result:
{O=Barclays PLC,OU=367617758012}

      The agent compares the getParam against the setParam to ensure we are in goal state, we have a help ticket (HELP-53222) where the agent was stuck because the strings were different (like the example above) even though the setParam succeeded. We don't do special handling of setParams in the agent, I asked the customer to retry without the spaces and that succeeded.

      Filing a ticket as per the slack discussion: https://mongodb.slack.com/archives/CB3CW8M8C/p1702397252837439

      I understand this might be difficult since what we are essentially asking for here is to preserve the spacing between the attributes (or the actual setParam that was passed in).

            Assignee:
            Unassigned
            Reporter:
            Ahmed Sulaiman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: