[DOCS-1962] More information needed for ldap and saslauthd in the release notes Created: 16/Sep/13  Updated: 25/Nov/13  Due: 30/Sep/13  Resolved: 18/Oct/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: mongodb-2.6
Fix Version/s: mongodb-2.6

Type: Task
Priority: Major - P3
Reporter: rohit.nijhawan@10gen.com
Assignee: Bob Grabar
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

1. On the release notes page, there is no mention of installing LDAP; however, the link below gives a valuable summary of how to do it, step by step. We should link to something that doesn't leave the users wondering.

For anyone who wants to test, we should encourage those persons to actually create an organization, org unit, and at least a user in it.
http://docs.adaptivecomputing.com/viewpoint/hpc/Content/topics/1-setup/installSetup/settingUpOpenLDAPOnCentos6.htm

2. In the Configuration section of "LDAP Support for Authentication" in the release notes, it should be noted that the saslauthd.conf file for the saslauthd daemon shall reside in the /etc folder.

3. We should mention that we either assume that LDAP is already installed somewhere and accessible from the machine on which sasl was installed, or, if someone follows everything from step 1, they should add users whose LDIF entries actually contain a key-value pair with the key being uid specifically, and the value being their user ID.

This is crucial as a new user will not know that the filter on the authentication is being done on the uid attribute. If it was e-mail, then the setting,

"ldap_filter: (uid=%u)"

would change to
"ldap_filter: (email=%u)"

necessitating a corresponding 'email' attribute.
In addition, we should mention that if the user installed LDAP on the local machine, they can use ldap://localhost:389 as their "ldap_servers" setting.

The setting:

"ldap_search_base: ou=Users,dc=example,dc=com" is only relevant if the steps to set up LDAP include all of the users in the organizational unit of users under dc=example,dc=com. And that should be explained or linked to.

4. We ask the user to test the saslauthd facility by running the testsaslauthd tool with the following command:

"testsaslauthd -u testuser -p testpassword -s mongod -f /var/run/saslauthd/mux"

It is important to realize that '-s mongod' is not required. Just to verify that saslauthd is installed and working correctly with the LDAP server, only the -u, -p and -f parameters are needed.

5. mongod must be launched with --auth; thus we should also mention that the mongod.conf file should have auth=true in addition to the parameters that are mentioned.
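
The uid requirement from point 3, as an added example that is not part of the original ticket or the MongoDB documentation: a Python check that reads the saslauthd.conf settings quoted above and reports which LDIF entries the configured search would miss. The LDIF entries, the function names and the simplified DN suffix comparison are constructed for illustration, and a subtree search under ldap_search_base is assumed.

```python
import re

# Constructed sample inputs; the three settings are the ones quoted in the ticket.
SASLAUTHD_CONF = """\
ldap_servers: ldap://localhost:389
ldap_search_base: ou=Users,dc=example,dc=com
ldap_filter: (uid=%u)
"""
LDIF = """\
dn: uid=testuser,ou=Users,dc=example,dc=com
uid: testuser

dn: cn=Jane Doe,ou=Users,dc=example,dc=com
mail: jane@example.com

dn: uid=ops,ou=Staff,dc=example,dc=com
uid: ops
"""

def parse_conf(text):
    """Return the 'key: value' lines of a saslauthd.conf as a dict."""
    pairs = (l.split(":", 1) for l in text.splitlines() if ":" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64 values, no folded lines)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_entries(conf_text, ldif_text):
    """Map each DN to 'ok' or to the reason the configured search would miss it."""
    conf = parse_conf(conf_text)
    match = re.fullmatch(r"\((\w+)=%u\)", conf["ldap_filter"])
    if not match:
        raise ValueError("only simple (attr=%u) filters are handled")
    attr, base = match.group(1).lower(), conf["ldap_search_base"].lower()
    report = {}
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        report[dn] = ("outside ldap_search_base" if not dn.lower().endswith("," + base)
                      else "ok" if attr in entry else f"no '{attr}' attribute")
    return report
```

Only entries reported as "ok" can be found by saslauthd with these settings, so those are the accounts worth trying with testsaslauthd.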



 Comments   
Comment by auto [ 17/Oct/13 ]

Author: kay (kay-kim) <kay.kim@10gen.com>

Message: DOCS-1962 more info for ldap
Branch: master
https://github.com/mongodb/docs/commit/aef7164b31fdc6fef16553deecbc8b6311344424
