[SERVER-67066] mongod crashes with userToDNMapping '{match: ".+", substitution: "{0}"}' Created: 07/Jun/22  Updated: 29/Oct/23  Resolved: 16/Jun/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.1.0-rc0

Type: Bug
Priority: Minor - P4
Reporter: Lungang Fang
Assignee: Sara Golemon
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

To reproduce this issue, just start a mongod with LDAP enabled with the following userToDNMapping and then try to log in to it (say mongo --username username --password password --authenticationDatabase '$external' --authenticationMechanism PLAIN).

security:
  authorization: enabled
  ldap:
    userToDNMapping:
      '{
         match: ".+",
         substitution: "uid={0},ou=DbUsers,dc=mongo,dc=com"
        }'
     ...

Sprint: Security 2022-06-27
Participants:

 Description   

Hi,

If an LDAP userToDNMapping rule contains no matching group but has 1 or more substitutions, mongod can start up and run but will crash instantly when a mongod user tries to authenticate via LDAP. I was able to reproduce this issue with the latest version of mongod as well as 5.0 and 4.2.15. I believe it also exists in 4.4.

Regards,
Lungang
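
A pre-deployment check for the condition described above, as an added example (not MongoDB's code and not part of this ticket): it flags userToDNMapping rules whose substitution or ldapQuery template references a capture group that the match regex does not define. It assumes the rules are already parsed into Python dicts, that {0} denotes the first capture group, and that Python's re module counts groups the same way as the server's regex engine; lint_rule, lint_mapping and SAMPLE_RULES are hypothetical names.

```python
import re

# Placeholders such as {0}, {1} in a substitution or ldapQuery template.
PLACEHOLDER = re.compile(r"\{(\d+)\}")


def lint_rule(rule):
    """Return a list of problems found in one userToDNMapping rule (a dict)."""
    problems = []
    pattern = rule.get("match")
    template = rule.get("substitution", rule.get("ldapQuery"))
    if not isinstance(pattern, str) or not isinstance(template, str):
        return ["rule needs 'match' plus 'substitution' or 'ldapQuery'"]
    try:
        # Assumption: Python's `re` counts capture groups the same way as the
        # server's regex engine for the patterns being checked.
        groups = re.compile(pattern).groups
    except re.error as exc:
        return [f"match regex does not compile: {exc}"]
    for ref in sorted({int(n) for n in PLACEHOLDER.findall(template)}):
        # {0} refers to the first capture group, so {n} needs n + 1 groups.
        if ref >= groups:
            problems.append(
                f"{{{ref}}} used but match {pattern!r} defines {groups} capture group(s)"
            )
    return problems


def lint_mapping(rules):
    """Map rule index -> problems, for rules that have any."""
    return {i: p for i, r in enumerate(rules) if (p := lint_rule(r))}


# Constructed sample: rule 0 is the mapping from this ticket, rule 1 adds the
# capture group that {0} needs.
SAMPLE_RULES = [
    {"match": ".+", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
    {"match": "(.+)", "substitution": "uid={0},ou=DbUsers,dc=mongo,dc=com"},
]

if __name__ == "__main__":
    for index, problems in lint_mapping(SAMPLE_RULES).items():
        for problem in problems:
            print(f"rule {index}: {problem}")
```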



 Comments   
Comment by Githook User [ 16/Jun/22 ]

Author:

{'name': 'Lungang Fang', 'email': 'lungang.fang@mongodb.com'}

Message: SERVER-67066 Ensure userToDNMapping with 0 capture group/non-zero substitution works
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/362058cbfb5d81c98d61d58ac12b89b8d11ee193

Generated at Thu Feb 08 06:07:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.