[SERVER-27402] Unnecessary LDAP option for mongos Created: 13/Dec/16  Updated: 05/Apr/17  Resolved: 05/Jan/17

Status: Closed
Project: Core Server
Component/s: Security, Usability
Affects Version/s: None
Fix Version/s: 3.5.2

Type: Bug Priority: Major - P3
Reporter: Ryan Chipman Assignee: Ryan Chipman
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Duplicate
is duplicated by SERVER-26763 Remove LDAP authorization configurati... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v3.4
Sprint: Platforms 2017-01-23
Participants:

 Description   

The "LDAP Module Options" section of mongos --help reads

LDAP Module Options:
  --ldapServers arg                     Comma separated list of LDAP servers on
                                        format  host:port
  --ldapTransportSecurity arg (=tls)    Transport security used between MongoDB
                                        and remote LDAP server(none|tls)
  --ldapBindMethod arg (=simple)        Authentication scheme to use while
                                        connecting to LDAP. This may either be
                                        'sasl' or 'simple'
  --ldapBindSaslMechanisms arg (=DIGEST-MD5)
                                        Comma separated list of SASL mechanisms
                                        to use while binding to the LDAP server
  --ldapTimeoutMS arg (=10000)          Timeout for LDAP queries (ms)
  --ldapQueryUser arg                   LDAP entity to bind with to perform
                                        queries
  --ldapQueryPassword arg               Password to use while binding to the
                                        LDAP server to perform queries
  --ldapAuthzQueryTemplate arg          Relative LDAP query URL which will be
                                        queried against the host to acquire
                                        LDAP groups. The token {USER} will be
                                        replaced with the mapped username
  --ldapUserToDNMapping arg (=[{match: "(.+)", substitution: "{0}"}])
                                        Tranformation from MongoDB users to
                                        LDAP user DNs

However, the --ldapAuthzQueryTemplate option should not be available for a mongos.



 Comments   
Comment by Githook User [ 05/Jan/17 ]

Author:

{u'username': u'rychipman', u'name': u'Ryan Chipman', u'email': u'ryan@ryanchipman.com'}

Message: SERVER-27402: Remove unused LDAP option from mongos
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/a0cdbf39c72e3c655b0f77b95dcecdaf5de8ae03

Generated at Thu Feb 08 04:15:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.