Percona LDAP configuration

numanoids (Entrant, Inactive User, Role: Beginner)
Hi all,

First time posting; however, I could do with any help anyone could provide. I've set up Percona MongoDB inside a container, and as part of that container I've also got saslauthd running. I'm able to do the testsaslauthd piece fine and it proves my connection to our AD is working fine.

The container is RHEL based and I've put my mongo.conf definition in /etc/sasl2/; however, I'm unable to get LDAP authentication working. When I attempt it with the following command:

db.getSiblingDB("$external").auth( { user : "user", pwd : "pass", mechanism: "PLAIN", digestPassword: false } ) ;

I get the following error:

Error: Missing expected field "mechanism"

This is despite it being referenced in the authentication string. The log file isn't yielding anything valuable either, and neither is the saslauthd log, but I suspect it isn't even getting as far as trying to talk to the saslauthd daemon.

If anyone can assist in shedding any light on this I'd be greatly appreciative.

Thanks

Comments

  • numanoids (Entrant, Inactive User, Role: Beginner)
    Just following up on my own post: I've resolved this myself. For anyone's reference, it requires ensuring the cyrus-sasl-plain package is present. In fairness, I've not had much experience with SASL, so I'm glad to have figured this out.
  • zhanglu9 (Entrant, Current User, Role: Beginner)
    Hi Numanoids,
    I have set this up on CentOS 7 and got the same error message when trying to auth against OpenLDAP. The LDAP server is on the local host, the user openldapper was created, and "testsaslauthd -u openldapper -p secret" returned Success. The ldap-sample-server/ldap-sample-client test also returned success. When trying to authenticate the user, this message shows up.
    Also, if I had cyrus-sasl-ldap installed, starting mongod will result in the message "mongod: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied" in /var/log/messages. Do you need to install the cyrus-sasl-ldap package?

    Do you mind listing the files you need to create/modify?

    Thanks
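
A pre-flight check for the condition reported in the first comment (no PLAIN plugin from cyrus-sasl-plain, so the server cannot offer the mechanism even though testsaslauthd succeeds). This is an added example, not code from the thread or from Percona. The function names are hypothetical, and the SASL application config file and plugin directory are passed as arguments; `/usr/lib64/sasl2` is assumed as the usual plugin directory on 64-bit RHEL/CentOS.

```shell
#!/bin/sh
# Added example: checks that the Cyrus SASL PLAIN plugin and the
# application's SASL config agree. Paths are supplied by the caller.

# Return 0 if a PLAIN plugin (libplain.so*) exists in the plugin directory.
has_plain_plugin() {
    for hp_file in "$1"/libplain.so*; do
        [ -e "$hp_file" ] && return 0
    done
    return 1
}

# Print the value of "key: value" from a Cyrus SASL config file.
sasl_conf_get() {
    awk -F: -v k="$1" '
        /^[[:space:]]*#/ { next }
        { name = $1; gsub(/[[:space:]]/, "", name) }
        name == k {
            sub(/^[^:]*:[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            print; exit
        }' "$2"
}

# Usage: check_sasl_plain <sasl-conf-file> <plugin-dir>
# Prints one line per finding; returns non-zero if anything is wrong.
check_sasl_plain() {
    cs_conf=$1; cs_dir=$2; cs_rc=0
    if ! has_plain_plugin "$cs_dir"; then
        echo "MISSING: no libplain.so* in $cs_dir (install cyrus-sasl-plain)"
        cs_rc=1
    fi
    if [ ! -r "$cs_conf" ]; then
        echo "MISSING: cannot read $cs_conf"
        return 1
    fi
    cs_method=$(sasl_conf_get pwcheck_method "$cs_conf")
    [ "$cs_method" = "saslauthd" ] || {
        echo "CONFIG: pwcheck_method is '$cs_method', expected saslauthd"; cs_rc=1; }
    cs_mechs=$(sasl_conf_get mech_list "$cs_conf" | tr '[:upper:]' '[:lower:]')
    case " $cs_mechs " in
        *" plain "*) ;;
        *) echo "CONFIG: mech_list '$cs_mechs' does not include plain"; cs_rc=1 ;;
    esac
    return $cs_rc
}

# Stand-alone use: sh check.sh <sasl-conf-file> <plugin-dir>
if [ "$#" -eq 2 ]; then check_sasl_plain "$1" "$2"; fi
```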