[SERVER-24014] Cannot log in with native LDAP authentication, LDAP authorization, and ldapUserToDNMapping Created: 02/May/16 Updated: 16/May/16 Resolved: 03/May/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 3.3.5 |
| Fix Version/s: | 3.3.6 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Security 14 (05/13/16) |
| Participants: |
| Description |
|
Both LDAP authentication and LDAP authorization perform userToDN mappings. The mapping performed by authentication is persisted and the resulting DN is used as the username during authorization. This is incorrect, because this postprocessed username might not match any rule in the ldapUserToDNMapping. |
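
The double mapping described above, modelled as an added example (not MongoDB's code and not part of the ticket). The mapping rule, the `example.com` names and the function names are constructed, and treating "no rule matches" as an error is an assumption of this model.

```python
import json
import re

# Constructed ldapUserToDNMapping value: one rule that turns a login name into a DN.
MAPPING = json.loads(r'''
[
  {"match": "^(.+)@example\\.com$",
   "substitution": "cn={0},ou=users,dc=example,dc=com"}
]
''')


def user_to_dn(name, rules=MAPPING):
    """Apply the first rule whose regex matches and fill in {N} placeholders.

    Assumption of this model: a name that matches no rule is an error.
    """
    for rule in rules:
        m = re.search(rule["match"], name)
        if m:
            # {0} refers to the first capture group, {1} to the second, ...
            return re.sub(r"\{(\d+)\}",
                          lambda p: m.group(int(p.group(1)) + 1),
                          rule["substitution"])
    raise LookupError(f"no ldapUserToDNMapping rule matches {name!r}")


def login_persisting_mapped_name(username):
    """Behaviour the ticket describes: the DN produced during authentication
    replaces the username, so authorization maps an already-mapped name."""
    persisted = user_to_dn(username)   # authentication stage
    return user_to_dn(persisted)       # authorization stage maps the DN again


def login_keeping_original_name(username):
    """Hypothetical alternative: both stages map the name the client supplied."""
    auth_dn = user_to_dn(username)     # authentication stage
    authz_dn = user_to_dn(username)    # authorization stage
    return auth_dn, authz_dn


if __name__ == "__main__":
    print(login_keeping_original_name("alice@example.com"))
    try:
        login_persisting_mapped_name("alice@example.com")
    except LookupError as exc:
        print("login fails:", exc)
```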
| Comments |
| Comment by Githook User [ 03/May/16 ] |
|
Author: Spencer Jackson (spencerjackson) <spencer.jackson@mongodb.com> Message: |