[DOCS-9927] Missing comma in Active Directory LDAP example Created: 21/Feb/17  Updated: 30/Oct/23  Resolved: 27/Mar/17

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: 3.4.0
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Major - P3
Reporter: Jason Mimick (Inactive) Assignee: Ravind Kumar (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 6 years, 46 weeks, 2 days ago

 Description   

During a recent consult helping a customer configure the new 3.4 LDAP authentication against AD, we discovered a few doc issues with the tutorial https://docs.mongodb.com/manual/tutorial/authenticate-nativeldap-activedirectory/

First, there is a JSON parsing error in

      userToDNMapping:
         '[
            {
               match: "(.+)"
               ldapQuery: "DC=example,DC=com??sub?(userPrincipalName={0})"
            }
         ]'

There needs to be a comma after the match: "(.+)"

      userToDNMapping:
         '[
            {
               match: "(.+)",
               ldapQuery: "DC=example,DC=com??sub?(userPrincipalName={0})"
            }
         ]'

2. In the sample command to authenticate via the mongo shell there are a couple of typos: it should be authenticationMechanism, not authenticationMechanisms, which is the mongod/mongos parameter. Then we had to remove the single quotes around PLAIN and $external and not have = signs. The full command, which worked through the Windows command prompt, should be:

mongo --username sam@DBA.EXAMPLE.COM --password secret123 --authenticationMechanism PLAIN --authenticationDatabase $external --host <hostname> --port <port>



 Comments   
Comment by Githook User [ 27/Mar/17 ]

Author: ravind (rkumar-mongo) <ravind.kumar@10gen.com>

Message: DOCS-9989: Typo in mongo command, other fixes

Added fixes from DOCS-9927 as well, specifically removing
quotes and '=' from the command

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/d26ff458a737b7dae7e186d4f4ba4d469dd9a6a4

Comment by Jason Mimick (Inactive) [ 27/Mar/17 ]

Hi Ravind,

I just posted a comment on your commit - I think you still need to remove
the last 's' from --authenticationMechanisms

Thanks-
Jason


Comment by Githook User [ 21/Feb/17 ]

Author: ravind (rkumar-mongo) <ravind.kumar@10gen.com>

Message: DOCS-9927: Typos in LDAP tutorial

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/13d51937016780480d749f3c6aa8bfd0d204489c

Comment by Ravind Kumar (Inactive) [ 21/Feb/17 ]

Thanks jason.mimick

That would certainly be helpful information. The tutorial focuses on the full UPN format of usernames because it helps to resolve ambiguous usernames in environments where there are multiple autonomously administrated user namespaces.

That said, if there's a lot of demand from customers to dive in deeper on how to work with userToDNMapping and queryTemplates, we can explore a better option than trying to put it into a specific tutorial step.

Comment by Jason Mimick (Inactive) [ 21/Feb/17 ]

Hi ravind.kumar-

Overall I think it is great, very thorough. One small piece of feedback, it may be useful to explain more about needing to sign on with "user123@example.com" vs just "user123" - like how the @example.com part plays in the userToDNMapping and queryTemplate, and how to adjust if you didn't want users to add the @ part to their sign-in.

Thanks-
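
An added example, not part of this ticket or of MongoDB's code: a pre-flight check in Python for the userToDNMapping value from the description. It reports the missing comma and then shows how the sign-in name discussed in the comment above is placed into the LDAP query. The function names, and the use of Python's json and re modules to approximate the server's parser and regex engine, are assumptions.

```python
import json
import re

# Constructed inputs: the two userToDNMapping values quoted in this ticket.
BROKEN = '''[
   {
      match: "(.+)"
      ldapQuery: "DC=example,DC=com??sub?(userPrincipalName={0})"
   }
]'''
FIXED = BROKEN.replace('match: "(.+)"', 'match: "(.+)",')

# A bare (unquoted) key at the start of a line, as written in the tutorial.
BARE_KEY = re.compile(r'(?m)^([ \t]*)([A-Za-z_]\w*)[ \t]*:')
PLACEHOLDER = re.compile(r"\{(\d+)\}")


def load_mapping(text):
    """Parse the mapping string; raise ValueError on syntax or rule errors."""
    strict = BARE_KEY.sub(r'\1"\2":', text)  # quote bare keys so json can parse
    try:
        rules = json.loads(strict)
    except json.JSONDecodeError as exc:
        raise ValueError(f"syntax error at line {exc.lineno}: {exc.msg}") from exc
    for i, rule in enumerate(rules):
        targets = [k for k in ("substitution", "ldapQuery") if k in rule]
        if "match" not in rule or len(targets) != 1:
            raise ValueError(f"rule {i}: need match plus one of substitution/ldapQuery")
        groups = re.compile(rule["match"]).groups
        used = [int(n) for n in PLACEHOLDER.findall(rule[targets[0]])]
        if any(n >= groups for n in used):  # {0} refers to the first capture group
            raise ValueError(f"rule {i}: placeholder beyond {groups} capture group(s)")
    return rules


def resolve(rules, username):
    """Return (kind, value) from the first rule whose regex matches, else None."""
    for rule in rules:
        m = re.match(rule["match"], username)  # assumption: anchored at the start
        if m:
            kind = "ldapQuery" if "ldapQuery" in rule else "substitution"
            fill = lambda p: m.group(int(p.group(1)) + 1) or ""
            return kind, PLACEHOLDER.sub(fill, rule[kind])
    return None
```

Running load_mapping on a candidate value before restarting mongod surfaces the line of a syntax error, and resolve shows which attribute value the directory will be searched for when a user signs in with or without the @ part.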

Generated at Thu Feb 08 07:59:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.