[DOCS-13117] X.509 auth page does not state that a user with credentials may be required Created: 15/Oct/19 Updated: 30/Oct/23 Due: 11/Sep/20 Resolved: 31/Oct/22 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Emet Ozar |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | docs-investigating | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
| Participants: | |||||||||
| Days since reply: | 1 year, 14 weeks, 2 days ago | ||||||||
| Epic Link: | DOCSP-1769 | ||||||||
| Description |
I attempted to follow the instructions in https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/ to configure x.509 authentication. This was on a brand new deployment created with mlaunch which had no existing users. My idea was to create the first and only user with x.509 authentication. However, when attempting to create the user (or run other administrative commands), the server always replied with an "unauthorized" error even though I have not enabled auth. Investigating this, I believe the following occurred:
Therefore it is my impression that in order to create an x.509 user, when the deployment uses member authentication, one must already have another user with credentials (stored in admin database) created. This is not mentioned in https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/.
Scope of changes
Impact to Other Docs
Given that LDAP users are also created on $external I can only assume this issue also applies there. LDAP is a bit of a beast, so if this behavior is intentional and generally true we may need to open up additional tickets to fix this.
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.) |
| Comments |
| Comment by Education Bot [ 31/Oct/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |
| Comment by Oleg Pudeyev (Inactive) [ 05/Oct/20 ] |
|
Assigning to myself for tracking, will assign to jason.price when done investigating. |
| Comment by Oleg Pudeyev (Inactive) [ 10/Sep/20 ] |
|
In the description of the ticket I stated that mlaunch uses --keyFile option which enables authentication. I don't see this option being provided in the subsequent tests performed. I do not see this option referenced in https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/ either, therefore perhaps the issue is really an mlaunch one. I am also confused why this ticket is marked fixed when it appears that no changes were made. What was the fix? |
| Comment by Jason Price [ 09/Sep/20 ] |
|
No doc update needed. |