[SERVER-24821] Use authentication identity in LDAP backed PLAIN SASL mechanism Created: 27/Jun/16  Updated: 17/May/19  Resolved: 07/Jul/16

Status: Closed
Project: Core Server
Component/s: Internal Code, Security
Affects Version/s: None
Fix Version/s: 3.3.10

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 17 (07/15/16)
Participants:

 Description   

The native LDAP PLAIN SASL mechanism currently parses the authorization identity as the identity to use for the SASL session. We should use the authentication session instead, which is not an optional field. Some SASL stacks seem to leave the authorization field blank.



 Comments   
Comment by Githook User [ 07/Jul/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-24821 Use authcid instead of authzid in SASL PLAIN mechanism
Branch: master
https://github.com/mongodb/mongo/commit/5aa7c8a0b64bcd7e6781d335e6c786483fadee8e

Comment by Githook User [ 07/Jul/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-24821 Use authcid instead of authzid in SASL PLAIN mechanism
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/4ece3e6b55333d0f12325faf1f143c93c37091d3

Generated at Thu Feb 08 04:07:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.