SASL/LDAP Authentication: Error: Unsupported mechanism PLAIN

juckerf
Hi,

We're considering using the external authentication over SASL to authenticate users over our existing LDAP infrastructure.
I installed Percona Server for MongoDB 3.4 from the .deb files on Ubuntu 16.04 (Xenial) and configured saslauthd and libsasl according to https://www.percona.com/doc/percona-server-for-mongodb/3.4/authentication.html.
Unfortunately I'm not able to authenticate in the client with "db.getSiblingDB("$external").auth({ mechanism:"PLAIN", user:"<Username>", pwd:"<PW>", digestPassword:false})". The following error message appears: Error: Unsupported mechanism PLAIN
testsaslauthd works. And as far as I can tell from the debug output of saslauthd, the auth request does not even reach saslauthd.

Comments

  • Jim@NWEA
    Hi, Juckerf. I had similar issues getting LDAP working on CentOS with Percona 3.0 so I might be able to offer some tips.

    * Make sure that you've got a file called "mongodb.conf" in /etc/sasl2 - the filename must be exactly that.
    * Make sure that your saslauthd.conf file points to your LDAP server and that the "ldap_filter" is set to the proper mask.
    * In your mongoX.conf file (where you set the logpath, fork and other stuff) make sure you have "setParameter=saslauthdPath=/var/run/saslauthd/mux" and "setParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1,MONGODB-CR"

    I'm attaching a PDF that one of the support techs sent - it helped me bridge the gap between the posted documentation and a working LDAP setup.

    Cheers!
    -Jim
  • juckerf
    Hi Jim

    Thanks a million!
    Your 3rd tip was the missing piece (as you stated, this isn't documented anywhere in the online docs).
    When I started mongod with the setParameter-options it first failed with "Error: Authentication failed." (and nothing was logged in saslauthd). But this seemed a lot better than my previous error.
    After setting the permissions on /var/run/saslauthd (777 as stated in your attached PDF) it now works as it should :-)

    Cheers
    Fabian
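
Added example, not part of the thread or of Percona's documentation: a shell check for the mongod-side settings discussed above (the /etc/sasl2/mongodb.conf filename and the two setParameter lines) plus the mode of the saslauthd socket directory, which it flags when set to 777. The function name, finding messages and the mongod config path passed in are this example's own assumptions; the saslauthd.conf LDAP settings are not checked.

```shell
#!/bin/sh
# Added example (not from the thread): checks the settings the thread names.
# Usage: sh check.sh /etc/sasl2/mongodb.conf <mongod config> /var/run/saslauthd

findings=0
note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# check_sasl_setup SASL_CONF MONGOD_CONF MUX_DIR -> returns 0 if clean, 1 otherwise
check_sasl_setup() {
    sasl_conf=$1; mongod_conf=$2; mux_dir=$3; findings=0

    # Tip 1: the SASL config for mongod must be a file named exactly mongodb.conf.
    if [ "$(basename "$sasl_conf")" != "mongodb.conf" ] || [ ! -f "$sasl_conf" ]; then
        note "$sasl_conf is missing or not named mongodb.conf"
    fi

    # Tip 3: PLAIN must be listed, otherwise the client gets the thread's
    # "Unsupported mechanism PLAIN" error. Matches both the
    # "setParameter=name=value" style and a YAML "name: value" style.
    if ! grep -Eq 'authenticationMechanisms[=:].*PLAIN' "$mongod_conf" 2>/dev/null; then
        note "PLAIN not listed in authenticationMechanisms in $mongod_conf"
    fi
    if ! grep -E 'saslauthdPath[=:]' "$mongod_conf" 2>/dev/null | grep -Fq "$mux_dir/mux"; then
        note "saslauthdPath does not point at $mux_dir/mux"
    fi

    # Socket directory: mongod must be able to reach the mux socket, but a
    # world-writable directory (mode 777) opens it to every local account.
    # Character 9 of the ls mode string is the write bit for "others".
    mode=$(ls -ld "$mux_dir" 2>/dev/null | cut -c1-10)
    case $mode in
        "")          note "$mux_dir does not exist" ;;
        ????????w?)  note "$mux_dir is world-writable ($mode); grant access by group instead" ;;
    esac

    [ "$findings" -eq 0 ]
}

if [ "$#" -eq 3 ]; then check_sasl_setup "$@"; fi
```

On Debian/Ubuntu the usual alternative to 777 is adding the mongod service account to the group that owns the socket directory (commonly `sasl`; both names are assumptions here, confirm with `ls -ld /var/run/saslauthd`). PLAIN carries the password to mongod unhashed, which is why the client call uses digestPassword:false, so pair this setup with TLS on the client connection.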

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.