<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:32:46 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-54136] Make the authenticate command respect enforceUserClusterSeparation</title>
                <link>https://jira.mongodb.org/browse/SERVER-54136</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The &lt;tt&gt;enforceUserClusterSeparation&lt;/tt&gt; setParameter introduced by&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45938&quot; title=&quot;Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45938&quot;&gt;&lt;del&gt;SERVER-45938&lt;/del&gt;&lt;/a&gt; can be used to disable certain sanity checks in the&#160;&lt;tt&gt;createUser&lt;/tt&gt; command, for clusters where they are not relevant.&lt;/p&gt;

&lt;p&gt;We should disable the equivalent checks in the &lt;tt&gt;authenticate&lt;/tt&gt; command when this parameter is active, allowing &quot;cluster member&quot; certificates to authenticate as users stored in the &lt;tt&gt;$external&lt;/tt&gt; database.&lt;/p&gt;

&lt;p&gt;We should also validate why tests introduced by &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45938&quot; title=&quot;Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45938&quot;&gt;&lt;del&gt;SERVER-45938&lt;/del&gt;&lt;/a&gt; didn&apos;t identify that this override wasn&apos;t present.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1605025">SERVER-54136</key>
            <summary>Make the authenticate command respect enforceUserClusterSeparation</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="ben.caimano@mongodb.com">Benjamin Caimano</assignee>
                                    <reporter username="spencer.jackson@mongodb.com">Spencer Jackson</reporter>
                        <labels>
                    </labels>
                <created>Fri, 29 Jan 2021 15:52:06 +0000</created>
                <updated>Sun, 29 Oct 2023 21:58:14 +0000</updated>
                            <resolved>Thu, 18 Feb 2021 17:06:03 +0000</resolved>
                                                    <fixVersion>4.9.0</fixVersion>
                    <fixVersion>4.4.5</fixVersion>
                    <fixVersion>4.0.24</fixVersion>
                    <fixVersion>4.2.14</fixVersion>
                                                        <votes>1</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="3674337" author="ben.caimano" created="Fri, 19 Mar 2021 19:25:56 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ben Caimano&apos;, &apos;email&apos;: &apos;ben.caimano@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-54964&quot; title=&quot;Require valid clients for all audit events&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-54964&quot;&gt;&lt;del&gt;SERVER-54964&lt;/del&gt;&lt;/a&gt; Take out extra idl file&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/eb3d2fbac2b4f9240ac20ab2052d1ed04df13c24&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/eb3d2fbac2b4f9240ac20ab2052d1ed04df13c24&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;(Regrettably attached the wrong jira ticket.)&lt;/p&gt;</comment>
                            <comment id="3673894" author="xgen-internal-githook" created="Fri, 19 Mar 2021 17:00:08 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ben Caimano&apos;, &apos;email&apos;: &apos;ben.caimano@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-54136&quot; title=&quot;Make the authenticate command respect enforceUserClusterSeparation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-54136&quot;&gt;&lt;del&gt;SERVER-54136&lt;/del&gt;&lt;/a&gt; Make the authenticate command respect enforceUserClusterSeparation&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/78cbc632402a6a7505dc751789e779921b8d85ce&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/78cbc632402a6a7505dc751789e779921b8d85ce&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3667071" author="xgen-internal-githook" created="Tue, 16 Mar 2021 17:02:42 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ben Caimano&apos;, &apos;email&apos;: &apos;ben.caimano@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-54136&quot; title=&quot;Make the authenticate command respect enforceUserClusterSeparation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-54136&quot;&gt;&lt;del&gt;SERVER-54136&lt;/del&gt;&lt;/a&gt; Make the authenticate command respect enforceUserClusterSeparation&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 664eacb0a0924e6a9ab2d2043e0326946f027a39)&lt;br/&gt;
Branch: v4.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/0b8bd0798190c3aaa077d22682cf1b4b41055021&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/0b8bd0798190c3aaa077d22682cf1b4b41055021&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3665378" author="xgen-internal-githook" created="Mon, 15 Mar 2021 20:24:24 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ben Caimano&apos;, &apos;email&apos;: &apos;ben.caimano@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-54136&quot; title=&quot;Make the authenticate command respect enforceUserClusterSeparation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-54136&quot;&gt;&lt;del&gt;SERVER-54136&lt;/del&gt;&lt;/a&gt; Make the authenticate command respect enforceUserClusterSeparation&lt;br/&gt;
Branch: v4.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/c60f7a4f2d00d26aeb79720fdc4e0080d3df38c1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/c60f7a4f2d00d26aeb79720fdc4e0080d3df38c1&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3664987" author="simon.levesque@morganstanley.com" created="Mon, 15 Mar 2021 18:05:06 +0000"  >&lt;p&gt;The big issue is that we were waiting for a long time on&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45938&quot; title=&quot;Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45938&quot;&gt;&lt;del&gt;SERVER-45938&lt;/del&gt;&lt;/a&gt; and&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45938&quot; title=&quot;Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45938&quot;&gt;&lt;del&gt;SERVER-45938&lt;/del&gt;&lt;/a&gt; is just not usable until this fix is put it.&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45938&quot; title=&quot;Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45938&quot;&gt;&lt;del&gt;SERVER-45938&lt;/del&gt;&lt;/a&gt; cannot work and never worked...&lt;/p&gt;

&lt;p&gt;In other words, that is a blocker for us and we need that fix asap.&lt;/p&gt;

&lt;p&gt;thanks&lt;/p&gt;</comment>
                            <comment id="3664963" author="salman.baset" created="Mon, 15 Mar 2021 17:57:16 +0000"  >&lt;p&gt;We are working on a back port for 4.0 and expect to deliver it in July time frame.&lt;/p&gt;</comment>
                            <comment id="3623379" author="xgen-internal-githook" created="Thu, 18 Feb 2021 17:01:40 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ben Caimano&apos;, &apos;email&apos;: &apos;ben.caimano@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-54136&quot; title=&quot;Make the authenticate command respect enforceUserClusterSeparation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-54136&quot;&gt;&lt;del&gt;SERVER-54136&lt;/del&gt;&lt;/a&gt; Make the authenticate command respect enforceUserClusterSeparation&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/5a76da986da7166226cc3da2eed081bc5263bfe6&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/5a76da986da7166226cc3da2eed081bc5263bfe6&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                        <issuelink>
            <issuekey id="2251868">SERVER-73576</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="148431">SERVER-14655</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2251887">DOCS-15864</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1127925">SERVER-45938</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="18953"><![CDATA[v4.4]]></customfieldvalue>
    <customfieldvalue key="16775"><![CDATA[v4.2]]></customfieldvalue>
    <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000saOi7QAE]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 10 Feb 2021 17:12:37 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 46 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>The enforceUserClusterSeparation setParameter is now available on mongos as well as mongod. Additionally, if it is set to false and clusterAuthMode is set to &amp;quot;x509&amp;quot;, &amp;quot;sendX509&amp;quot;, or &amp;quot;sendKeyFile&amp;quot;, the process will fail during startup.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16942"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 46 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ben.caimano@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>salman.baset@mongodb.com</customfieldvalue>
            <customfieldvalue>simon.levesque@morganstanley.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hys27r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hydonj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4573">Security 2021-02-22</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_17051" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Teams Impacted</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16943"><![CDATA[Cloud]]></customfieldvalue>
    <customfieldvalue key="16945"><![CDATA[Drivers]]></customfieldvalue>
    <customfieldvalue key="16946"><![CDATA[Triage and Release]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyrogv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>