<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:34:46 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-698] Support for GSSAPI &quot;ServiceHost&quot;</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-698</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;The automation agent requires support for specifying the GSSAPI Service Hostname when connecting directly to MongoDB.&#160; This was a feature in the mgo driver that was added in MGO-35.&#160; Here is the mgo field in the code base:&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/MGO-35&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/MGO-35&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="653390">GODRIVER-698</key>
            <summary>Support for GSSAPI &quot;ServiceHost&quot;</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kris.brandow@mongodb.com">Kristofer Brandow</assignee>
                                    <reporter username="tim.olsen@mongodb.com">Timothy Olsen</reporter>
                        <labels>
                    </labels>
                <created>Thu, 13 Dec 2018 20:22:22 +0000</created>
                <updated>Sat, 28 Oct 2023 11:39:16 +0000</updated>
                            <resolved>Thu, 7 Mar 2019 18:56:53 +0000</resolved>
                                                    <fixVersion>1.0.0-rc2</fixVersion>
                                    <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="2174829" author="xgen-internal-githook" created="Thu, 7 Mar 2019 18:57:04 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Divjot Arora&apos;, &apos;username&apos;: &apos;divjotarora&apos;, &apos;email&apos;: &apos;divjot.arora@10gen.com&apos;}
&lt;p&gt;Message: Add support for GSSAPI ServiceHost&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-698&quot; title=&quot;Support for GSSAPI &amp;quot;ServiceHost&amp;quot;&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-698&quot;&gt;&lt;del&gt;GODRIVER-698&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Change-Id: I6888326e272ab63ea2594181d09fcf0b9d5c17aa&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/60e1c818f7389f0ced1a35d6904794c0f2ebdf8d&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/60e1c818f7389f0ced1a35d6904794c0f2ebdf8d&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2174581" author="louisa.berger@10gen.com" created="Thu, 7 Mar 2019 16:05:47 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kris.brandow&quot; class=&quot;user-hover&quot; rel=&quot;kris.brandow&quot;&gt;kris.brandow&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Could we get an update on this? This one is blocking our upgrade to the go driver. &lt;/p&gt;

&lt;p&gt;Thanks!&lt;/p&gt;</comment>
                            <comment id="2165691" author="tim.olsen@10gen.com" created="Thu, 28 Feb 2019 03:30:32 +0000"  >&lt;p&gt;Evergreen run looks good.&lt;/p&gt;

&lt;p&gt;What&apos;s the next step?  Does my fork go into code review?&lt;/p&gt;</comment>
                            <comment id="2165366" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 21:37:34 +0000"  >&lt;p&gt;Ok. I got all of our Kerberos tests to pass in my VM with this: &lt;a href=&quot;https://github.com/tolsen/mongo-go-driver/commit/e3a858d3fa37b7d7683dd066ced7fbade8ffa403&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/tolsen/mongo-go-driver/commit/e3a858d3fa37b7d7683dd066ced7fbade8ffa403&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I&apos;ll now submit this to Evergreen to run our full test suite.&lt;/p&gt;</comment>
                            <comment id="2165302" author="divjot.arora" created="Wed, 27 Feb 2019 21:06:28 +0000"  >&lt;p&gt;Yes.&lt;/p&gt;</comment>
                            <comment id="2165301" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 21:04:35 +0000"  >&lt;p&gt;Still some compilation problems but I&apos;ll help get it to compile on my own fork.&lt;/p&gt;

&lt;p&gt;Should the following line be a newAuthError() instead of fmt.Errorf()?&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/divjotarora/mongo-go-driver/blob/ca0f5169f1b144bb6407733f188697b03665aa78/x/mongo/driver/auth/gssapi.go#L49&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/divjotarora/mongo-go-driver/blob/ca0f5169f1b144bb6407733f188697b03665aa78/x/mongo/driver/auth/gssapi.go#L49&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2165197" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 20:16:36 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=divjot.arora&quot; class=&quot;user-hover&quot; rel=&quot;divjot.arora&quot;&gt;divjot.arora&lt;/a&gt; pushed a fix.  Trying again&lt;/p&gt;</comment>
                            <comment id="2165188" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 20:10:21 +0000"  >&lt;p&gt;It doesn&apos;t compile:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;../../../go.mongodb.org/mongo-driver/x/mongo/driver/auth/internal/gssapi/gss.go:22: imported and not used: &quot;net&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</comment>
                            <comment id="2165185" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 20:08:13 +0000"  >&lt;p&gt;Ok.  Thank you. I&apos;m testing it now&lt;/p&gt;</comment>
                            <comment id="2165179" author="divjot.arora" created="Wed, 27 Feb 2019 20:04:40 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt; The port isn&apos;t relevant here because the line that calls net.SplitHostPort ignores the port anyway. The latest commit on &lt;a href=&quot;https://github.com/divjotarora/mongo-go-driver/tree/godriver698&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/divjotarora/mongo-go-driver/tree/godriver698&lt;/a&gt;&#160;should have a fix for the host/port issue.&lt;/p&gt;</comment>
                            <comment id="2165143" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 19:44:57 +0000"  >&lt;p&gt;I think in this case in the implementation, &quot;target&quot; should be constructed from SERVICE_HOST and the port in the passed-in value of target.  I am not super familiar with how this code works, but does that sound right?&lt;/p&gt;</comment>
                            <comment id="2165132" author="jeff.yemin" created="Wed, 27 Feb 2019 19:33:26 +0000"  >&lt;p&gt;In this context there is no port required.  It&apos;s only the host name that matters.  &lt;/p&gt;</comment>
                            <comment id="2165127" author="divjot.arora" created="Wed, 27 Feb 2019 19:31:28 +0000"  >&lt;p&gt;Agreed. Would it just default to 27017 or is there a way to specify the port separately? I&apos;m not familiar with the shell implementation.&lt;/p&gt;</comment>
                            <comment id="2165124" author="jeff.yemin" created="Wed, 27 Feb 2019 19:28:09 +0000"  >&lt;p&gt;It shouldn&apos;t require a port.  &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=divjot.arora&quot; class=&quot;user-hover&quot; rel=&quot;divjot.arora&quot;&gt;divjot.arora&lt;/a&gt; do you agree?&lt;/p&gt;</comment>
                            <comment id="2165121" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 19:26:27 +0000"  >&lt;p&gt;It looks like the implementation requires a port as part of SERVICE_HOST:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;error creating gssapi: invalid endpoint (localhost) specified: address localhost: missing port in address&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;This is inconsistent as how the feature is used in other libraries/tools.  For example, ServiceHost in mgo is just a hostname.  And --gssapiHostName in the mongo shell is just a hostname.  What do you guys think?&lt;/p&gt;</comment>
                            <comment id="2164904" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 17:00:59 +0000"  >&lt;p&gt;Nevermind.&#160; &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=divjot.arora&quot; class=&quot;user-hover&quot; rel=&quot;divjot.arora&quot;&gt;divjot.arora&lt;/a&gt; has pointed out that his new branch should be sufficient.&#160; I&apos;ll try that out.&lt;/p&gt;</comment>
                            <comment id="2164897" author="tim.olsen@10gen.com" created="Wed, 27 Feb 2019 16:57:24 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=divjot.arora&quot; class=&quot;user-hover&quot; rel=&quot;divjot.arora&quot;&gt;divjot.arora&lt;/a&gt; has provided me with a fix for the last comment&apos;s issue at &lt;a href=&quot;https://github.com/divjotarora/mongo-go-driver/tree/godriver698&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/divjotarora/mongo-go-driver/tree/godriver698&lt;/a&gt;&#160;.&#160; However, that didn&apos;t include the prior change in the PR (which is also needed).&#160; I have combined the two here: &lt;a href=&quot;https://github.com/tolsen/mongo-go-driver/tree/GODRIVER-698&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/tolsen/mongo-go-driver/tree/GODRIVER-698&lt;/a&gt;&#160;.&#160; That&apos;s what I will be testing&lt;/p&gt;</comment>
                            <comment id="2163495" author="tim.olsen@10gen.com" created="Tue, 26 Feb 2019 20:30:39 +0000"  >&lt;p&gt;I&apos;m getting:&#160;&lt;/p&gt;

&lt;p&gt;&quot;error creating gssapi: unknown mechanism property SERVICE_HOST&quot;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;I think we need to add SERVICE_HOST here:&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/master/x/mongo/driver/auth/internal/gssapi/gss.go#L32-L39&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/master/x/mongo/driver/auth/internal/gssapi/gss.go#L32-L39&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2161913" author="tim.olsen@10gen.com" created="Mon, 25 Feb 2019 18:33:45 +0000"  >&lt;p&gt;Thank you.&#160; I&apos;ll test the pull request.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;I&apos;ve filed the DRIVERS ticket:&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2095&quot; title=&quot;Implement GSSAPI ServiceHost support in all drivers&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2095&quot;&gt;DRIVERS-613&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2161859" author="jeff.yemin" created="Mon, 25 Feb 2019 18:13:02 +0000"  >&lt;p&gt;We&apos;ve decided that it&apos;s necessary for drivers to support this feature, and a DRIVERS ticket and associated auth spec change will be forthcoming.&lt;/p&gt;</comment>
                            <comment id="2161857" author="jeff.yemin" created="Mon, 25 Feb 2019 18:12:02 +0000"  >&lt;p&gt;The pull request at &lt;a href=&quot;https://review.gerrithub.io/c/mongodb/mongo-go-driver/+/442585&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://review.gerrithub.io/c/mongodb/mongo-go-driver/+/442585&lt;/a&gt; has been rebased on master, &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2161847" author="spencer.jackson@10gen.com" created="Mon, 25 Feb 2019 18:07:14 +0000"  >&lt;p&gt;Here&apos;s where the server plumbs this information down into Cyrus SASL: &lt;a href=&quot;https://github.com/mongodb/mongo/blob/e241839a6a3f0d9249ef735d27be9cd6d797003a/src/mongo/client/cyrus_sasl_client_session.cpp#L261&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/e241839a6a3f0d9249ef735d27be9cd6d797003a/src/mongo/client/cyrus_sasl_client_session.cpp#L261&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2159860" author="kris.brandow" created="Fri, 22 Feb 2019 16:28:18 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=behackett&quot; class=&quot;user-hover&quot; rel=&quot;behackett&quot;&gt;behackett&lt;/a&gt;, we currently use the address that was originally provided. We do have the &lt;tt&gt;me&lt;/tt&gt; field as the &lt;tt&gt;CanonicalAddr&lt;/tt&gt;, but we don&apos;t use that when we create the pool, so the original address is used (in this case the one provided by the connection string).&lt;/p&gt;</comment>
                            <comment id="2159713" author="spencer.jackson@10gen.com" created="Fri, 22 Feb 2019 14:59:32 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=behackett&quot; class=&quot;user-hover&quot; rel=&quot;behackett&quot;&gt;behackett&lt;/a&gt;, Tim is correct. There are no users in MongoDB. But you can still authenticate as users from LDAP. However, authenticating as a user doesn&apos;t guarantee that the user is an administrator. That&apos;s why we require the use of the localhost auth bypass to create the administrative roles for it.&lt;/p&gt;</comment>
                            <comment id="2159367" author="tim.olsen@10gen.com" created="Fri, 22 Feb 2019 03:07:32 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=behackett&quot; class=&quot;user-hover&quot; rel=&quot;behackett&quot;&gt;behackett&lt;/a&gt; With regard to creating the first role:&#160; With LDAP Authorization no users actually exist in MongoDB.&#160; They&apos;re all in LDAP.&#160; User -&amp;gt; permission mapping is done via LDAP group membership.&#160; LDAP groups map to MongoDB custom roles (if they exist).&#160; Since no MongoDB custom roles exist yet, no users have any permissions yet.&#160; Therefore the localhost exception must be provided in order to create the first custom role (which would presumably inherit real privileges).&lt;/p&gt;</comment>
                            <comment id="2159333" author="behackett" created="Fri, 22 Feb 2019 02:07:07 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kris.brandow&quot; class=&quot;user-hover&quot; rel=&quot;kris.brandow&quot;&gt;kris.brandow&lt;/a&gt;, when an application makes a &lt;em&gt;direct connection&lt;/em&gt; to a single mongod/s does the Go driver continue to use the hostname specified in the URI when creating new connections, or does it replace the provided hostname with the value of the &quot;me&quot; field from ismaster? That is, in &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt;&apos;s example will the driver use &quot;locahost&quot; for connections after the initial handshake?&lt;/p&gt;</comment>
                            <comment id="2159322" author="behackett" created="Fri, 22 Feb 2019 01:59:27 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt; or &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sara.golemon&quot; class=&quot;user-hover&quot; rel=&quot;sara.golemon&quot;&gt;sara.golemon&lt;/a&gt;, can one of you comment on the &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-698?focusedCommentId=2156062&amp;amp;page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2156062&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;above PLAIN auth examples&lt;/a&gt;? Why would connecting over the loopback address be required to create a new role for a user that already exists and has already been authenticated? Since the user already exists, and has already been authenticated the localhost exception seems like a red herring. Is that a server bug?&lt;/p&gt;</comment>
                            <comment id="2156135" author="tim.olsen@10gen.com" created="Tue, 19 Feb 2019 20:12:17 +0000"  >&lt;p&gt;Here is the mongos log around the time that the mgo automation agent creates the initial role:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.020+0000 I ACCESS   [conn28] Unauthorized: not authorized on admin to execute command { serverStatus: 1, locks: false, recordStats: false, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.021+0000 I NETWORK  [conn28] end connection 10.122.95.11:45316 (2 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.021+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57938 #33 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.022+0000 I ACCESS   [conn33] note: no users configured in admin.system.users, allowing localhost access&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.027+0000 I ACCESS   [conn33] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.028+0000 I NETWORK  [conn33] end connection 127.0.0.1:57938 (2 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.029+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57942 #34 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.034+0000 I ACCESS   [conn34] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.036+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57946 #35 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.041+0000 I ACCESS   [conn35] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.045+0000 I ACCESS   [conn34] Unauthorized: not authorized on admin to execute command { find: &quot;system.version&quot;, filter: { _id: &quot;featureCompatibilityVersion&quot; }, skip: 0, limit: 1, batchSize: 1, singleBatch: true, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.045+0000 I NETWORK  [conn34] end connection 127.0.0.1:57942 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.046+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57952 #36 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.051+0000 I ACCESS   [conn36] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.052+0000 I ACCESS   [conn36] Unauthorized: not authorized on admin to execute command { find: &quot;system.roles&quot;, filter: { db: &quot;admin&quot;, role: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot; }, skip: 0, limit: 1, batchSize: 1, singleBatch: true, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.053+0000 I NETWORK  [conn36] end connection 127.0.0.1:57952 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.053+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57956 #37 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.058+0000 I ACCESS   [conn37] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.063+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45360 #38 (5 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.068+0000 I ACCESS   [conn38] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.068+0000 I ACCESS   [conn38] Unauthorized: not authorized on admin to execute command { balancerStatus: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.068+0000 I NETWORK  [conn38] end connection 10.122.95.11:45360 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.102+0000 I ACCESS   [conn22] Unauthorized: not authorized on admin to execute command { serverStatus: 1, locks: false, recordStats: false, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.102+0000 I NETWORK  [conn22] end connection 10.122.95.11:45282 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.661+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45382 #39 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.666+0000 I ACCESS   [conn39] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.666+0000 I ACCESS   [conn39] Unauthorized: not authorized on admin to execute command { getCmdLineOpts: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.666+0000 I NETWORK  [conn39] end connection 10.122.95.11:45382 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.716+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45398 #40 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.721+0000 I ACCESS   [conn40] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.721+0000 I ACCESS   [conn40] Unauthorized: not authorized on admin to execute command { balancerStatus: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.721+0000 I NETWORK  [conn40] end connection 10.122.95.11:45398 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.738+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45402 #41 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.742+0000 I ACCESS   [conn41] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.743+0000 I ACCESS   [conn41] Unauthorized: not authorized on admin to execute command { balancerStatus: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.743+0000 I NETWORK  [conn41] end connection 10.122.95.11:45402 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.822+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45406 #42 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.830+0000 I ACCESS   [conn42] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.831+0000 I ACCESS   [conn42] Unauthorized: not authorized on admin to execute command { getCmdLineOpts: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.831+0000 I NETWORK  [conn42] end connection 10.122.95.11:45406 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.838+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45410 #43 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.843+0000 I ACCESS   [conn43] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.843+0000 I ACCESS   [conn43] Unauthorized: not authorized on admin to execute command { balancerStatus: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.844+0000 I NETWORK  [conn43] end connection 10.122.95.11:45410 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.940+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45414 #44 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.945+0000 I ACCESS   [conn44] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.945+0000 I ACCESS   [conn44] Unauthorized: not authorized on admin to execute command { getCmdLineOpts: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.945+0000 I NETWORK  [conn44] end connection 10.122.95.11:45414 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.949+0000 I NETWORK  [listener] connection accepted from 10.122.95.11:45418 #45 (4 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.953+0000 I ACCESS   [conn45] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.953+0000 I ACCESS   [conn45] Unauthorized: not authorized on admin to execute command { balancerStatus: 1, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T15:26:48.954+0000 I NETWORK  [conn45] end connection 10.122.95.11:45418 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;The corresponding automation agent log:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.error] [cm/auth/rolemgmt.go:ReadRole:155] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Error finding role=cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc db=admin in admin.system.roles : &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Error calling FindOneWithSort : &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Error calling FindOne in coll (admin.system.roles). res:[&amp;amp;map[]] : not authorized on admin to execute command { find: &quot;system.roles&quot;, filter: { db: &quot;admin&quot;, role: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot; }, skip: 0, limit: 1, batchSize: 1, singleBatch: true, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/atmcreds/atmcreds.go:upsertAtmLdapRole:227] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Received auth error while trying to find automation role.  Assuming we need to create it.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/mongoctl/processctl.go:RunCommandWithTimeout:863] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Starting RunCommand(dbName=admin, cmd=[{createRole cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc} {roles [[{role clusterAdmin} {db admin}] [{role readWriteAnyDatabase} {db admin}] [{role userAdminAnyDatabase} {db admin}] [{role dbAdminAnyDatabase} {db admin}] [{role restore} {db admin}] [{role backup} {db admin}]]} {privileges []}]) to ip-10-122-95-11.ec2.internal:9010 (local=true) ...&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/connectionpool/connectionpool.go:dialSessionWithTimeout:548] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Attempting to dial a session for cp = ip-10-122-95-11.ec2.internal:9010 (local=true), direct = false, consistency = 2, timeout = 40s, failFast = true, identitiesToTry: [automation-agent@$external[[PLAIN]][12] __system@local[[MONGODB-CR/SCRAM-SHA-1 SCRAM-SHA-256]][19] ]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/connectionpool/connectionpool.go:getPreferredClientCert:386] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Finding preferred client cert for automation-agent@$external[[PLAIN]][12]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/connectionpool/connectionpool.go:getPreferredClientCert:395] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Did not find a preferred client cert for automation-agent@$external[[PLAIN]][12] and there is no default client cert&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.053] [.debug] [cm/connectionpool/connectionpool.go:handleDialAttempt:614] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.053] Attempting to dial ip-10-122-95-11.ec2.internal:9010 (local=true) with identity = automation-agent@$external[[PLAIN]][12], dialinfo = &amp;amp;mgo.DialInfo{Addrs:[]string{&quot;127.0.0.1:9010&quot;}, Direct:false, Timeout:40000000000, FailFast:true, Database:&quot;$external&quot;, ReplicaSetName:&quot;&quot;, Source:&quot;&quot;, Service:&quot;&quot;, ServiceHost:&quot;&quot;, Mechanism:&quot;PLAIN&quot;, Username:&quot;automation-agent&quot;, Password:&quot;(omitted)&quot;, PoolLimit:0, ReadPreference:(*mgo.ReadPreference)(nil), WriteConcern:(*mgo.Safe)(nil), DialServer:(func(*mgo.ServerAddr) (net.Conn, error))(nil), Dial:(func(net.Addr) (net.Conn, error))(nil)} ssl=false clientCert=&amp;lt;nil&amp;gt;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.059] [.debug] [cm/connectionpool/connectionpool.go:handleDialAttempt:621] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.059] Successfully dialed ip-10-122-95-11.ec2.internal:9010 (local=true) with identity = automation-agent@$external[[PLAIN]][12] clientCert=&amp;lt;nil&amp;gt;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.100] [.debug] [cm/mongoctl/processctl.go:func1:897] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.100] ...Finished with runCommandWithTimeout(dbName=admin, cmd=[{createRole cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc} {roles [[{role clusterAdmin} {db admin}] [{role readWriteAnyDatabase} {db admin}] [{role userAdminAnyDatabase} {db admin}] [{role dbAdminAnyDatabase} {db admin}] [{role restore} {db admin}] [{role backup} {db admin}]]} {privileges []}]) to ip-10-122-95-11.ec2.internal:9010 (local=true) with result={&quot;$clusterTime&quot;:{&quot;clusterTime&quot;:6659733373864378372,&quot;signature&quot;:{&quot;hash&quot;:&quot;YsksjtMRUWFhUpClo+GCUQk8iH0=&quot;,&quot;keyId&quot;:6659733159116013597}},&quot;ok&quot;:1,&quot;operationTime&quot;:6659733373864378372}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.100] [.debug] [cm/atmcreds/atmcreds.go:upsertAtmLdapRole:247] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.100] Result of executing cmd=[{createRole cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc} {roles [[{role clusterAdmin} {db admin}] [{role readWriteAnyDatabase} {db admin}] [{role userAdminAnyDatabase} {db admin}] [{role dbAdminAnyDatabase} {db admin}] [{role restore} {db admin}] [{role backup} {db admin}]]} {privileges []}] to create role cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc@admin was result=map[ok:1 operationTime:6659733373864378372 $clusterTime:map[signature:map[hash:[98 201 44 142 211 17 81 97 97 82 144 165 163 225 130 81 9 60 136 125] keyId:6659733159116013597] clusterTime:6659733373864378372]]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.100] [.info] [cm/atmcreds/atmcreds.go:upsertAtmLdapRole:248] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.100] &amp;lt;DB_WRITE&amp;gt; Created roles in db admin using cmd [{createRole cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc} {roles [[{role clusterAdmin} {db admin}] [{role readWriteAnyDatabase} {db admin}] [{role userAdminAnyDatabase} {db admin}] [{role dbAdminAnyDatabase} {db admin}] [{role restore} {db admin}] [{role backup} {db admin}]]} {privileges []}]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2019/02/19 15:26:48.100] [.debug] [state/stateutil/stateutil.go:upsertAutomationCredentials:140] &amp;lt;s+l_mongos1&amp;gt; [15:26:48.100] Successfully added automation credentials&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;The &quot;local = true&quot; in &quot;Successfully dialed ip-10-122-95-11.ec2.internal:9010 (local=true) with identity = automation-agent@$external[&lt;span class=&quot;error&quot;&gt;&amp;#91;PLAIN&amp;#93;&lt;/span&gt;]&lt;span class=&quot;error&quot;&gt;&amp;#91;12&amp;#93;&lt;/span&gt; clientCert=&amp;lt;nil&amp;gt;&quot; means that the agent dialed to 127.0.0.1&lt;/p&gt;</comment>
                            <comment id="2156100" author="jeff.yemin" created="Tue, 19 Feb 2019 19:58:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt; please post the mongos logs from when you run the same test with mgo.&lt;/p&gt;</comment>
                            <comment id="2156085" author="tim.olsen@10gen.com" created="Tue, 19 Feb 2019 19:50:10 +0000"  >&lt;p&gt;I am unable to test the Kerberos + LDAP Authorization combination because there does not exist LDAP entries on the evergreen test ldap server that correspond to entries on the test kerberos server.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;But I believe the example illustrates my point.&#160; In an LDAP Authorization setup, you must login to localhost AND authenticate as a user that has the role you are looking to create.&#160; In order to do that in a Kerberos + LDAP Authorization set up, I believe you need ServiceHost support.&lt;/p&gt;</comment>
                            <comment id="2156067" author="tim.olsen@10gen.com" created="Tue, 19 Feb 2019 19:42:51 +0000"  >&lt;p&gt;Here&apos;s the mongos log:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:36:34.791+0000 I ACCESS   [conn7059] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:36:46.183+0000 I ACCESS   [UserCacheInvalidator] User cache generation changed from 5c6c5aa2ce2c42bed2e458bb to 5c6c5ac0ce2c42bed2e45940; invalidating user cache&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:36:53.997+0000 I ACCESS   [conn7059] Unauthorized: not authorized on admin to execute command { createRole: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [ &quot;root&quot; ], privileges: [], writeConcern: { w: &quot;majority&quot;, wtimeout: 600000.0 }, lsid: { id: UUID(&quot;198c682e-5c9b-4510-8dd1-e22e19fc569d&quot;) }, $clusterTime: { clusterTime: Timestamp(1550604992, 1), signature: { hash: BinData(0, 4B06E5F200B29D2FE9570237D5985B2D2F65D341), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:36:58.058+0000 I NETWORK  [conn7059] end connection 10.122.3.75:36692 (0 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:03.387+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:35744 #7060 (1 connection now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:03.388+0000 I NETWORK  [conn7060] received client metadata from 127.0.0.1:35744 conn7060: { application: { name: &quot;MongoDB Shell&quot; }, driver: { name: &quot;MongoDB Internal Client&quot;, version: &quot;4.0.6&quot; }, os: { type: &quot;Linux&quot;, name: &quot;Amazon Linux release 2.0 (2017.12) LTS Release Candidate&quot;, architecture: &quot;x86_64&quot;, version: &quot;Kernel 4.9.76-38.79.amzn2.x86_64&quot; } }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:03.390+0000 I ACCESS   [conn7060] Unauthorized: not authorized on admin to execute command { getLog: &quot;startupWarnings&quot;, lsid: { id: UUID(&quot;dbd281c1-13e1-450e-999f-94a237cf7df6&quot;) }, $clusterTime: { clusterTime: Timestamp(1550605022, 1), signature: { hash: BinData(0, C93B2B820C03AB3DF3B4E1EBFE7E2ED92FAF695B), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:13.241+0000 I ACCESS   [conn7060] Not authorized to create the first role in the system &apos;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc@admin&apos; using the localhost exception. The user needs to acquire the role through external authentication first.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:13.241+0000 I ACCESS   [conn7060] Unauthorized: not authorized on admin to execute command { createRole: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [ &quot;root&quot; ], privileges: [], writeConcern: { w: &quot;majority&quot;, wtimeout: 600000.0 }, lsid: { id: UUID(&quot;dbd281c1-13e1-450e-999f-94a237cf7df6&quot;) }, $clusterTime: { clusterTime: Timestamp(1550605028, 1), signature: { hash: BinData(0, 54E2C0E048178B413812FA5AFA918CD3A89FF8C9), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:14.041+0000 I ACCESS   [conn7060] Unauthorized: not authorized on admin to execute command { endSessions: [ { id: UUID(&quot;dbd281c1-13e1-450e-999f-94a237cf7df6&quot;) } ], $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:14.042+0000 I NETWORK  [conn7060] end connection 127.0.0.1:35744 (0 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.009+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:35746 #7061 (1 connection now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.010+0000 I NETWORK  [conn7061] received client metadata from 127.0.0.1:35746 conn7061: { application: { name: &quot;MongoDB Shell&quot; }, driver: { name: &quot;MongoDB Internal Client&quot;, version: &quot;4.0.6&quot; }, os: { type: &quot;Linux&quot;, name: &quot;Amazon Linux release 2.0 (2017.12) LTS Release Candidate&quot;, architecture: &quot;x86_64&quot;, version: &quot;Kernel 4.9.76-38.79.amzn2.x86_64&quot; } }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.013+0000 I ACCESS   [conn7061] Unauthorized: not authorized on admin to execute command { getLog: &quot;startupWarnings&quot;, lsid: { id: UUID(&quot;185a84c8-0cf0-4f04-802b-5363d658c5aa&quot;) }, $clusterTime: { clusterTime: Timestamp(1550605035, 2), signature: { hash: BinData(0, 8A18E2EF03A8E7DF802008E45DB7B17E2BC52311), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.183+0000 I ACCESS   [UserCacheInvalidator] User cache generation changed from 5c6c5ac0ce2c42bed2e45940 to 5c6c5adece2c42bed2e459c8; invalidating user cache&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.183+0000 I SH_REFR  [ConfigServerCatalogCacheLoader-3] Refresh for collection config.system.sessions took 0 ms and found the collection is not sharded&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:16.183+0000 I CONTROL  [LogicalSessionCacheRefresh] Sessions collection is not set up; waiting until next sessions refresh interval: Collection config.system.sessions is not sharded.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:24.016+0000 I ACCESS   [conn7061] Successfully authenticated as principal automation-agent on $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</comment>
                            <comment id="2156062" author="tim.olsen@10gen.com" created="Tue, 19 Feb 2019 19:41:15 +0000"  >&lt;p&gt;I now believe ServiceHost support will be necessary.&lt;/p&gt;

&lt;p&gt;I am unable to test Kerberos+LDAP authorization because we do not have entries in the evergreen test ldap server that correspond with the test kerberos server.  However, I can test LDAP authentication with LDAP authorization.  My testing shows that the only way to create the initial role on a sharded cluster is to connect to localhost AND authenticate as a member of that role.&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[ec2-user@ip-10-122-3-75 fulltest]$ /tmp/mms-automation/test/versions/mongodb-linux-x86_64-enterprise-amazon2-4.0.6/bin/mongo `hostname -f`:9010&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB shell version v4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;connecting to: mongodb://ip-10-122-3-75.ec2.internal:9010/test?gssapiServiceName=mongodb&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Implicit session: session { &quot;id&quot; : UUID(&quot;198c682e-5c9b-4510-8dd1-e22e19fc569d&quot;) }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB server version: 4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; use $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; db.auth({mechanism: &quot;PLAIN&quot;, user: &quot;automation-agent&quot;, pwd: &quot;r3Itd41khkRV&quot;, digestPassword: false})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; use admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; db.createRole({role: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [&quot;root&quot;], privileges: []})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:36:53.997+0000 E QUERY    [js] Error: not authorized on admin to execute command { createRole: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [ &quot;root&quot; ], privileges: [], writeConcern: { w: &quot;majority&quot;, wtimeout: 600000.0 }, lsid: { id: UUID(&quot;198c682e-5c9b-4510-8dd1-e22e19fc569d&quot;) }, $clusterTime: { clusterTime: Timestamp(1550604992, 1), signature: { hash: BinData(0, 4B06E5F200B29D2FE9570237D5985B2D2F65D341), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; } :&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;_getErrorWithCode@src/mongo/shell/utils.js:25:13&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;DB.prototype.createRole@src/mongo/shell/db.js:1779:1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;@(shell):1:1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;bye&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[ec2-user@ip-10-122-3-75 fulltest]$ /tmp/mms-automation/test/versions/mongodb-linux-x86_64-enterprise-amazon2-4.0.6/bin/mongo localhost:9010&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB shell version v4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;connecting to: mongodb://localhost:9010/test?gssapiServiceName=mongodb&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Implicit session: session { &quot;id&quot; : UUID(&quot;dbd281c1-13e1-450e-999f-94a237cf7df6&quot;) }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB server version: 4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; use admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; db.createRole({role: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [&quot;root&quot;], privileges: []})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-19T19:37:13.241+0000 E QUERY    [js] Error: not authorized on admin to execute command { createRole: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [ &quot;root&quot; ], privileges: [], writeConcern: { w: &quot;majority&quot;, wtimeout: 600000.0 }, lsid: { id: UUID(&quot;dbd281c1-13e1-450e-999f-94a237cf7df6&quot;) }, $clusterTime: { clusterTime: Timestamp(1550605028, 1), signature: { hash: BinData(0, 54E2C0E048178B413812FA5AFA918CD3A89FF8C9), keyId: 6659794044572401693 } }, $db: &quot;admin&quot; } :&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;_getErrorWithCode@src/mongo/shell/utils.js:25:13&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;DB.prototype.createRole@src/mongo/shell/db.js:1779:1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;@(shell):1:1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;bye&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[ec2-user@ip-10-122-3-75 fulltest]$ /tmp/mms-automation/test/versions/mongodb-linux-x86_64-enterprise-amazon2-4.0.6/bin/mongo localhost:9010&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB shell version v4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;connecting to: mongodb://localhost:9010/test?gssapiServiceName=mongodb&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Implicit session: session { &quot;id&quot; : UUID(&quot;185a84c8-0cf0-4f04-802b-5363d658c5aa&quot;) }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB server version: 4.0.6&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; use $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db $external&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; db.auth({mechanism: &quot;PLAIN&quot;, user: &quot;automation-agent&quot;, pwd: &quot;r3Itd41khkRV&quot;, digestPassword: false})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;1&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; use admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; db.createRole({role: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [&quot;root&quot;], privileges: []})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;{&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;	&quot;role&quot; : &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;	&quot;roles&quot; : [&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;		&quot;root&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;	],&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;	&quot;privileges&quot; : [ ]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB Enterprise mongos&amp;gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;I believe connecting to localhost while authenticating via Kerberos requires ServiceHost support.  &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin&quot;&gt;jeff.yemin&lt;/a&gt; What do you think?&lt;/p&gt;</comment>
                            <comment id="2154992" author="tim.olsen@10gen.com" created="Mon, 18 Feb 2019 22:04:21 +0000"  >&lt;p&gt;I may have spoken too soon.  When I run the test on evergreen it fails.  My virtual box where it worked has the hostname mapped to 127.0.1.1 (sic).  Maybe MongoDB considers that to also be localhost.  I will investigate further to see if it is possible to create an initial role on an LDAP Authz/Kerberos sharded cluster deployment on an evergreen machine.&lt;/p&gt;</comment>
                            <comment id="2154377" author="tim.olsen@10gen.com" created="Sun, 17 Feb 2019 18:09:45 +0000"  >&lt;p&gt;Yep. That worked.&lt;/p&gt;

&lt;p&gt;I am gaining confidence that we will be able to do without ServiceHost.&lt;/p&gt;

&lt;p&gt;But still, I am unable to run some of our auth tests until &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-803&quot; title=&quot;Add option to allow authenticating with an arbiter&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-803&quot;&gt;&lt;del&gt;GODRIVER-803&lt;/del&gt;&lt;/a&gt; is resolved.  So I think we can continue to hold off on ServiceHost.  Once &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-803&quot; title=&quot;Add option to allow authenticating with an arbiter&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-803&quot;&gt;&lt;del&gt;GODRIVER-803&lt;/del&gt;&lt;/a&gt; is resolved I will be able to run our remaining auth tests and see if they uncover any problems with there not being ServiceHost support.&lt;/p&gt;</comment>
                            <comment id="2154370" author="tim.olsen@10gen.com" created="Sun, 17 Feb 2019 17:33:17 +0000"  >&lt;p&gt;Hmm.. Maybe in the case of LDAP Authz I need to not use the localhost exception.  I&apos;ll try that.&lt;/p&gt;</comment>
                            <comment id="2154369" author="tim.olsen@10gen.com" created="Sun, 17 Feb 2019 17:30:26 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin&quot;&gt;jeff.yemin&lt;/a&gt; I am having trouble creating the first role in a system using LDAP Native Authorization while not being authenticated (but using the localhost exception) on a mongos.&#160; Here are the relevant log lines from the mongos:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-16T21:35:45.717+0000 I NETWORK&#160; [thread2] connection accepted from 127.0.0.1:49876 #730 (343 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-16T21:35:45.718+0000 I NETWORK&#160; [conn730] received client metadata from 127.0.0.1:49876 conn730: { driver: { name: &quot;mongo-go-driver&quot;, version: &quot;v1.0.0-rc1+prerelease&quot; }, os: { type: &quot;linux&quot;, architecture: &quot;amd64&quot; }, platform: &quot;go1.10.7&quot;, application: { name: &quot;MongoDB Automation Agent v6.4.0 (git: DEV)&quot; } }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-16T21:35:45.720+0000 I ACCESS &#160; [conn730] Not authorized to create the first role in the system &apos;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc@admin&apos; using the localhost exception. The user needs to acquire the role through external authentication first.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2019-02-16T21:35:45.720+0000 I ACCESS &#160; [conn730] Unauthorized: not authorized on admin to execute command { createRole: &quot;cn=automation-agent-group,ou=Groups,dc=10gen,dc=cc&quot;, roles: [ { role: &quot;clusterAdmin&quot;, db: &quot;admin&quot; }, { role: &quot;readWriteAnyDatabase&quot;, db: &quot;admin&quot; }, { role: &quot;userAdminAnyDatabase&quot;, db: &quot;admin&quot; }, { role: &quot;dbAdminAnyDatabase&quot;, db: &quot;admin&quot; }, { role: &quot;restore&quot;, db: &quot;admin&quot; }, { role: &quot;backup&quot;, db: &quot;admin&quot; } ], privileges: [], writeConcern: { w: &quot;majority&quot; } } &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;This log appears to imply that I need to authenticate in order to create the first role.  What do you think?  Does this necessitate the support of ServiceHost in the Go driver?&lt;/p&gt;</comment>
                            <comment id="2132477" author="tim.olsen@10gen.com" created="Wed, 30 Jan 2019 19:37:20 +0000"  >&lt;p&gt;Good point.  I&apos;ll have to do some research into this.  We may be able to get around this in the way you describe. &lt;/p&gt;</comment>
                            <comment id="2132416" author="behackett" created="Wed, 30 Jan 2019 19:15:09 +0000"  >&lt;p&gt;Sure, but the point of the localhost exception is you don&apos;t have any users yet so you can&apos;t actually auth. You can connect using localhost and add the first user, drop the connection, then authenticate using whatever the defined auth mechanism is for the cluster.&lt;/p&gt;</comment>
                            <comment id="2132391" author="tim.olsen@10gen.com" created="Wed, 30 Jan 2019 19:04:35 +0000"  >&lt;p&gt;I believe we connect to 127.0.0.1 sometimes in order to access the localhost exception&lt;/p&gt;</comment>
                            <comment id="2132383" author="behackett" created="Wed, 30 Jan 2019 18:59:26 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt;, if I understand this request correctly, you need this because automation is connecting to a local mongod/s using &quot;localhost&quot; as the hostname and there may or may not be a way for the Go driver to translate localhost into the server&apos;s canonical name for Kerberos auth. So the proposed solution is to add a SERVICE_HOST option where you pass the canonical name. Since you know the canonical name, otherwise how would you pass it as SERVICE_HOST, why not just connect to mongod/s using the canonical name?&lt;/p&gt;</comment>
                            <comment id="2132271" author="tim.olsen@10gen.com" created="Wed, 30 Jan 2019 17:59:22 +0000"  >&lt;p&gt;We sometimes connect to a mongod or mongos using 127.0.0.1.  If you believe hostname canonicalization will work for the agent, then I am willing to try it.&lt;/p&gt;</comment>
                            <comment id="2132268" author="david.golden" created="Wed, 30 Jan 2019 17:55:29 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tim.olsen&quot; class=&quot;user-hover&quot; rel=&quot;tim.olsen&quot;&gt;tim.olsen&lt;/a&gt;, given&#160;CLOUDP-33451, can you add some context for how the automation agent uses this feature and why hostname canonicalization isn&apos;t sufficient?&lt;/p&gt;</comment>
                            <comment id="2132240" author="behackett" created="Wed, 30 Jan 2019 17:39:56 +0000"  >&lt;p&gt;I&apos;m fine with adding the new option. I just want a spec ticket about it, because no other driver has it, with a discussion of why it&apos;s necessary. I don&apos;t want this research and discussion to get lost in the Go driver ticket tracker, since this will almost certainly come up again in the future.&lt;/p&gt;</comment>
                            <comment id="2132211" author="divjot.arora" created="Wed, 30 Jan 2019 17:30:28 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=behackett&quot; class=&quot;user-hover&quot; rel=&quot;behackett&quot;&gt;behackett&lt;/a&gt; This might be possible in Go, but I wasn&apos;t able to find a good way to do this. We use net.LookupAddr and the documentation says &quot;LookupAddr performs a reverse lookup for the given address, returning a list of names mapping to that address.&quot; Running net.LookupAddr(&quot;127.0.0.1&quot;) resulted in &quot;localhost&quot; and I didn&apos;t see any way of getting the FQDN from there.&lt;/p&gt;</comment>
                            <comment id="2107887" author="ian@10gen.com" created="Mon, 7 Jan 2019 21:22:23 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=craiggwilson&quot; class=&quot;user-hover&quot; rel=&quot;craiggwilson&quot;&gt;craiggwilson&lt;/a&gt; to talk to &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin&quot;&gt;jeff.yemin&lt;/a&gt; about what&apos;s next here.&lt;/p&gt;</comment>
                            <comment id="2091365" author="behackett" created="Fri, 14 Dec 2018 19:56:29 +0000"  >&lt;p&gt;The previous research can be found here: &lt;a href=&quot;https://jira.mongodb.org/browse/SPEC-1040&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/SPEC-1040&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;libkrb5&apos;s test suite has a python implementation that&apos;s easy to read.&lt;/p&gt;</comment>
                            <comment id="2091086" author="david.golden" created="Fri, 14 Dec 2018 16:44:21 +0000"  >&lt;p&gt;I&apos;m worried that getaddrinfo isn&apos;t going to be useful with 127.0.0.1/localhost, or at least not portably so.&lt;/p&gt;</comment>
                            <comment id="2091058" author="behackett" created="Fri, 14 Dec 2018 16:24:17 +0000"  >&lt;p&gt;I did some research on how libkrb5 does it a while ago. They do two things:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;They look up the canonical name using getaddrinfo.&lt;/li&gt;
	&lt;li&gt;They do a reverse DNS lookup on, I think, the canonical name (I&apos;d have to read the source again to be sure about this)&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;a href=&quot;https://web.mit.edu/kerberos/krb5-latest/doc/admin/princ_dns.html#service-principal-canonicalization&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://web.mit.edu/kerberos/krb5-latest/doc/admin/princ_dns.html#service-principal-canonicalization&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2090809" author="craiggwilson" created="Fri, 14 Dec 2018 12:56:57 +0000"  >&lt;p&gt;AH, good point. Yes, it very much is hostname canonicalization.&#160; I wonder if it&apos;s possible to get the right hostname here with proper canonicalization.&lt;/p&gt;</comment>
                            <comment id="2090547" author="david.golden" created="Fri, 14 Dec 2018 00:35:27 +0000"  >&lt;p&gt;Specifically, this is used to connect to localhost (127.0.0.1) but auth as if connecting via the FQDN.&lt;/p&gt;</comment>
                            <comment id="2090538" author="behackett" created="Fri, 14 Dec 2018 00:07:42 +0000"  >&lt;p&gt;That sounds more like hostname canonicalization, which I still don&apos;t think we do right in drivers.&lt;/p&gt;</comment>
                            <comment id="2090502" author="craiggwilson" created="Thu, 13 Dec 2018 23:24:20 +0000"  >&lt;p&gt;No, this is any environment. SERVICE_REALM is the &quot;realm&quot; or domain name, so &quot;MONGODB.COM&quot; for instance. SERVICE_NAME is the service name, which defaults to &quot;mongodb&quot;.&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;What this ticket is about is that the hostname they&apos;ve used in their connection string, eg. &quot;localhost&quot;, is not the fqdn that the server responds to during kerberos negotiation. Some tools need to be able to specify the fqdn separately from the hostname in the URI.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Note that this will not work with any form of discovery that occurs with a replica set member unless all replica set members are setup to respond to the same fqdn. Hence, this really only applies to when a driver is talking directly to single member of whatever topology is setup.&lt;/p&gt;</comment>
                            <comment id="2090493" author="behackett" created="Thu, 13 Dec 2018 23:18:58 +0000"  >&lt;p&gt;Is this needed specifically for Windows environments? How is this different from SERVICE_REALM? We added that to support situations where the service and server are in two different realms, which seems to be a common situation in AD deployments, IIRC.&lt;/p&gt;

&lt;p&gt;FYI &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=craig.wilson%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;craig.wilson@mongodb.com&quot;&gt;craig.wilson@mongodb.com&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="704092">DRIVERS-2095</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="98780">SERVER-11770</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr8c13:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>