<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:28:10 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
<language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-12303] Group, Role-based Authentication/Authorization via LDAP, Active Directory</title>
                <link>https://jira.mongodb.org/browse/SERVER-12303</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Lightweight Directory Access Protocol (&#8220;LDAP&#8221;) and Active Directory (&#8220;AD&#8221;) are widely used by many IT organizations to standardize and simplify the way large numbers of users are managed across various internal systems and applications.  In many cases, LDAP and/or AD are used as the centralized SSO authority for user access control to ensure that internal security policies are compliant with corporate and regulatory guidelines.  While 2.6 provides MongoDB user level authentication via LDAP/AD, many organizations require that MongoDB users belong to higher level groupings that are easily managed via a centralized resource and, more importantly, abstracted from the MongoDB deployment altogether (meaning MongoDB users are defined and stored in an LDAP or AD directory and not in MongoDB).&lt;/p&gt;

&lt;p&gt;This enhancement extends MongoDB user authentication via LDAP to include LDAP and AD group-based user authorization that is mapped directly to MongoDB defined roles and privileges.  It also provides the option for MongoDB users to be locally and/or remotely defined based on organization requirements.  This option also simplifies management by removing the need to synchronize LDAP/AD and MongoDB user definitions.&lt;/p&gt;

&lt;p&gt;Functional requirements for enhancement include:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;After or as part of authenticating an end user, the mongo node should be able to consult an LDAP/AD directory to enumerate and return the list of LDAP/AD groups of which the authenticated user is a member.&lt;/li&gt;
	&lt;li&gt;MongoDB will use this list of returned LDAP/AD groups to map to corresponding MongoDB default or user-defined roles and privileges.  An authenticated user is then authorized by MongoDB based on successful group-to-role mappings.  MongoDB role definitions with MongoDB-specific privileges must exist for this mapping to work.&lt;/li&gt;
	&lt;li&gt;Current functionality of locally defined and authenticated users is preserved, but an option is provided that allows users to be defined, stored and authenticated exclusively on a centralized resource (LDAP or AD).  In the latter case, no MongoDB users are stored in MongoDB.  The MongoDB connection string will be used to pass the userid and password to LDAP/AD for authentication.  For authenticated users, MongoDB would use the userid string for logging purposes only.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Use Case&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Company A uses AD as its SSO directory; all end users for all applications are defined there.&lt;/li&gt;
	&lt;li&gt;Joe is defined as a user in AD and is a member of the AD CompanyDBA group.&lt;/li&gt;
	&lt;li&gt;MongoDB is added to Joe&#8217;s domain of responsibility.  The MongoDB admin adds the user-defined role CompanyDBA, with all the MongoDB-specific privileges for this role, to the MongoDB servers Joe will need access to.&lt;/li&gt;
	&lt;li&gt;The MongoDB servers Joe works on are configured to authenticate using AD.&lt;/li&gt;
	&lt;li&gt;Joe logs in to a MongoDB server using his AD userid and password.  MongoDB consults the AD server; AD authenticates Joe as a valid user and passes back that Joe is a member of the CompanyDBA group.  MongoDB maps this to the MongoDB CompanyDBA user-defined role and grants Joe access based on the privileges granted to that role.  Session privileges are cached until Joe disconnects or there are changes to the privileges granted to the role or roles he is operating under.&lt;/li&gt;
&lt;/ul&gt;
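&lt;p&gt;The flow described in the requirements and the use case above, as an added Python example that is not part of this ticket and not MongoDB's code: a bare userid is validated and turned into a bind DN, the directory (a constructed in-memory stand-in here; nothing is contacted over the network) verifies the password, the user's group DNs are enumerated, each DN is looked up against MongoDB-side roles named after the group DN, and the resulting privileges are cached per session and re-derived only when a role definition changes. It goes one step beyond the ticket by also walking nested group membership, since AD's memberOf attribute lists direct memberships only. The DN template, the directory entries, the role names and the privilege layout are assumptions made for the demo.&lt;/p&gt;

```python
"""Simulated LDAP/AD group -> MongoDB role authorization flow (added example,
not MongoDB's code). Directory, DN template and roles are constructed; a real
deployment binds to the directory over LDAPS instead of reading a dict."""
import hashlib
import hmac
import logging
import re

logging.basicConfig(level=logging.INFO, format="%(message)s")
LOG = logging.getLogger("mongod.sim")

def _digest(password):
    # Stand-in only: a real directory verifies the bind itself.
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed AD stand-in: user DN -> password digest and direct memberOf.
DIRECTORY = {
    "cn=joe,ou=users,dc=example,dc=com": {
        "pw": _digest("joe-secret"),
        "memberOf": ["cn=CompanyDBA,ou=groups,dc=example,dc=com"]},
    "cn=ann,ou=users,dc=example,dc=com": {
        "pw": _digest("ann-secret"),
        "memberOf": ["cn=AllStaff,ou=groups,dc=example,dc=com"]},
}
# AD's memberOf lists direct memberships only; nesting is walked below.
GROUP_MEMBER_OF = {
    "cn=CompanyDBA,ou=groups,dc=example,dc=com":
        ["cn=Engineering,ou=groups,dc=example,dc=com"],
}
USER_DN_TEMPLATE = "cn={USER},ou=users,dc=example,dc=com"   # assumed layout
USERID_OK = re.compile(r"[A-Za-z0-9._-]+")

# MongoDB-side roles the admin created, named after the group DN. A group
# confers privileges only if such a role exists; db "" means any database.
ROLES = {
    "cn=CompanyDBA,ou=groups,dc=example,dc=com": [
        {"db": "inventory", "actions": {"find", "insert", "update", "remove"}}],
    "cn=Engineering,ou=groups,dc=example,dc=com": [
        {"db": "", "actions": {"find"}}],
}
ROLE_VERSION = [0]   # bumped on every role change; invalidates session caches

def ldap_bind(user_dn, password):
    """Simple bind: the directory, not mongod, checks the password."""
    entry = DIRECTORY.get(user_dn)
    return entry is not None and hmac.compare_digest(entry["pw"], _digest(password))

def ldap_groups(user_dn):
    """Every group the user belongs to, following nested membership."""
    seen, pending = set(), list(DIRECTORY[user_dn]["memberOf"])
    while pending:
        group = pending.pop()
        if group not in seen:
            seen.add(group)
            pending.extend(GROUP_MEMBER_OF.get(group, []))
    return sorted(seen)

def resolve_privileges(groups):
    """Map group DNs onto MongoDB roles; unmapped groups confer nothing."""
    privileges = []
    for group in groups:
        if group in ROLES:
            privileges.extend(ROLES[group])
        else:
            LOG.info("group %s has no MongoDB role, ignored", group)
    return privileges

class Session:
    def __init__(self, userid, user_dn):
        self.userid = userid            # retained for audit logging only
        self.groups = ldap_groups(user_dn)
        self._refresh()

    def _refresh(self):
        self.privileges = resolve_privileges(self.groups)
        self.version = ROLE_VERSION[0]

    def is_authorized(self, db, action):
        # Cached for the session; re-derived only after a role changed.
        if self.version != ROLE_VERSION[0]:
            self._refresh()
        return any(action in p["actions"] and p["db"] in ("", db)
                   for p in self.privileges)

def authenticate(userid, password):
    """Session on success, None on failure; mongod stores no user record."""
    if not USERID_OK.fullmatch(userid):   # blocks DN injection like "joe,ou=admins"
        LOG.info("rejected malformed userid %r", userid)
        return None
    user_dn = USER_DN_TEMPLATE.format(USER=userid)
    if not ldap_bind(user_dn, password):
        LOG.info("authentication failed for %s", userid)
        return None
    LOG.info("authenticated %s as %s", userid, user_dn)
    return Session(userid, user_dn)

def grant_action(role_name, db, action):
    """Admin edits a role; live sessions re-derive privileges on next check."""
    ROLES.setdefault(role_name, []).append({"db": db, "actions": {action}})
    ROLE_VERSION[0] += 1
```

&lt;p&gt;Two checks are worth keeping in any real implementation of this flow: the userid is whitelisted before it is substituted into the DN template, because a value such as joe,ou=admins would otherwise rewrite the bind DN, and the per-session privilege cache is keyed to a role version so that an admin's change to a role takes effect at the next check rather than waiting for Joe to reconnect. Ann, whose only group has no matching role, is authenticated but can do nothing until such a role is created.&lt;/p&gt;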
</description>
                <environment></environment>
        <key id="105268">SERVER-12303</key>
            <summary>Group, Role-based Authentication/Authorization via LDAP, Active Directory</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="spencer.jackson@mongodb.com">Spencer Jackson</assignee>
                                    <reporter username="andre.defrere@mongodb.com">Andre de Frere</reporter>
                        <labels>
                            <label>Windows</label>
                    </labels>
                <created>Thu, 9 Jan 2014 04:21:44 +0000</created>
                <updated>Fri, 5 Jan 2018 04:54:23 +0000</updated>
                            <resolved>Mon, 27 Jun 2016 14:07:59 +0000</resolved>
                                                    <fixVersion>3.3.9</fixVersion>
                                    <component>Security</component>
                                        <votes>6</votes>
                                    <watches>20</watches>
                                                                                                                <comments>
                            <comment id="510626" author="schwerin" created="Thu, 6 Mar 2014 15:05:21 +0000"  >&lt;p&gt;I believe that this is a duplicate of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-9530&quot; title=&quot;LDAP Support for User Role Resolution&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-9530&quot;&gt;&lt;del&gt;SERVER-9530&lt;/del&gt;&lt;/a&gt;, perhaps with a more thorough description.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                                        </outwardlinks>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="91247">SERVER-10864</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="200756">SERVER-18235</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="73810">SERVER-9530</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="108638">SERVER-12558</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="230631">SERVER-20515</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="83282">SERVER-10306</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="86514">DOCS-2445</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000UaXLcIAN, 500A000000UaYSxIAN]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 6 Mar 2014 15:05:21 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        9 years, 49 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/CS-19862'>CS-19862</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-72</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            9 years, 49 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andre.defrere@mongodb.com</customfieldvalue>
            <customfieldvalue>schwerin@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrm49z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrcyuf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3853</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="569">Security 5 06/26/15</customfieldvalue>
    <customfieldvalue id="573">Security 6 07/17/15</customfieldvalue>
    <customfieldvalue id="951">Security 14 (05/13/16)</customfieldvalue>
    <customfieldvalue id="1008">Security 15 (06/03/16)</customfieldvalue>
    <customfieldvalue id="1009">Security 16 (06/24/16)</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hri34v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>