[DOCS-9993] Ops Manager docs should specify that when using LDAP authz, you cannot use the same DN as the automation agent as for the other agents Created: 10/Mar/17  Updated: 25/Apr/17  Resolved: 22/Apr/17

Status: Closed
Project: Documentation
Component/s: Ops Manager
Affects Version/s: None
Fix Version/s: ops-manager-3.4

Type: Improvement Priority: Major - P3
Reporter: Dennis Kuczynski Assignee: Anthony Sansone (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 6 years, 42 weeks, 2 days ago
Epic Link: C/OM Security
Story Points: 0.3

 Description   

We recently had two customers attempt to use the same LDAP group DN for all agents.
See HELP-3875.

The automation agent will auto-generate and manage the role named for the automation agent group DN, so we do not want to let the other agent group DNs match that DN. i.e. we should encourage all DNs to be distinct values. Technically, it should be okay if the monitoring and backup group DNs are the same.

cc tony.sansone



 Comments   
Comment by Githook User [ 25/Apr/17 ]

Author:

{u'username': u'atsansone', u'name': u'Tony Sansone', u'email': u'tony.sansone@mongodb.com'}

Message: (DOCS-9993): Add note about each agent needing its own DN
Branch: v3.4
https://github.com/10gen/mms-docs/commit/e172926e63b8d245f54668a8bf53cbf2996dc067

Comment by Githook User [ 25/Apr/17 ]

Author:

{u'username': u'atsansone', u'name': u'Tony Sansone', u'email': u'tony.sansone@mongodb.com'}

Message: (DOCS-9993): Add note about each agent needing its own DN
Branch: master
https://github.com/10gen/mms-docs/commit/c4e14eb6dabdc19250fa4ac6b00547dfa6e90682

Comment by Dennis Kuczynski [ 07/Apr/17 ]

Yes, that sounds right to me

Comment by Dennis Kuczynski [ 10/Mar/17 ]

For now, we'll just be logging a warning if the user tries to use the same DN for the automation agent and another agent.
So we just need to advise against this configuration. Technically it will work in the next release, but we do not want to support it if the automation agent roles ever are no longer a super-set of the roles required by monitoring/backup.

Generated at Thu Feb 08 07:59:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.