[SERVER-24821] Use authentication identity in LDAP backed PLAIN SASL mechanism Created: 27/Jun/16 Updated: 17/May/19 Resolved: 07/Jul/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code, Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.10 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 17 (07/15/16) | ||||
| Participants: | |||||
| Description |
|
The native LDAP PLAIN SASL mechanism currently parses the authorization identity as the identity to use for the SASL session. We should use the authentication session instead, which is not an optional field. Some SASL stacks seem to leave the authorization field blank. |
| Comments |
| Comment by Githook User [ 07/Jul/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Githook User [ 07/Jul/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |