Mongodb rs cluster ldap configuration

bsiara (Poster)
Hi, I want to switch my rs cluster from sasl-ldap to a direct LDAP connection. This is my configuration:
systemLog:
  destination: file
  path: /data/mongod.log
  logAppend: true
  logRotate: reopen
  component:
    accessControl:
      verbosity: 5
storage:
  engine: wiredTiger
  dbPath: /data/db
  directoryPerDB: true
  journal:
    enabled: true
  wiredTiger:
    engineConfig:
      cacheSizeGB: 1
      directoryForIndexes: true
processManagement:
  fork: true
net:
  bindIp: 127.0.0.1,192.168.0.20
  port: 27017
operationProfiling:
  slowOpThresholdMs: 100
replication:
  replSetName: rs1
  oplogSizeMB: 256
security:
  keyFile: /data/keyfile
  clusterAuthMode: keyFile
  authorization: enabled
  ldap:
    servers: 'ldap.domain.com:10389'
    transportSecurity: 'none'
    bind:
      method: 'simple'
      queryUser: 'uid=nobody,ou=people,dc=domain,dc=com'
      queryPassword: 'pass123'
    userToDNMapping:
      '[
        {
           match: "(.+)",
           ldapQuery: "ou=people,dc=domain,dc=com??sub?(&(uid={0})(!(pwdAccountLockedTime=*))(!(description=tech)))"
        }
      ]'
    authz:
      queryTemplate: 'ou=groups,dc=domain,dc=com??sub?(&(objectClass=groupOfUniqueNames)(description=mongo)(uniqueMember={USER}))'
setParameter:
  authenticationMechanisms: "PLAIN,SCRAM-SHA-1,SCRAM-SHA-256"
Next, I create the user in the $external database:
> db.createUser({"user": "user", "roles": [{"role": "read", "db": "db1"}], "mechanisms": ["PLAIN"] })
Successfully added user: {
	"user" : "user",
	"roles" : [
		{
			"role" : "read",
			"db" : "db1"
		}
	],
	"mechanisms" : [
		"PLAIN"
	]
}
During connection to mongo I get an error:
> db.auth({"mechanism": "PLAIN", "user": "user", "pwd": passwordPrompt(), "digestPassword": false})
Enter password: 
Error: SASL(-4): no mechanism available: No worthy mechs found
In my LDAP I store passwords in two hashes:
sambaNTPassword
userPassword: ssha hash
Please help me, what am I doing wrong?
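To make the two templates in the posted security.ldap section concrete, here is an added example (not MongoDB's code, not from the poster) that applies the userToDNMapping regex and {0} substitution, the authz queryTemplate {USER} substitution, and splits the resulting "base??scope?filter" string into its parts. The RFC 4515 filter escaping of the substituted values is this example's own hardening against filter injection; the page says nothing about whether the server escapes, and only ldapQuery-style mappings are handled.

```python
import json
import re

# Constructed from the posted config: the userToDNMapping array and authz template.
USER_TO_DN_MAPPING = json.loads('''[
  {"match": "(.+)",
   "ldapQuery": "ou=people,dc=domain,dc=com??sub?(&(uid={0})(!(pwdAccountLockedTime=*))(!(description=tech)))"}
]''')
AUTHZ_QUERY_TEMPLATE = ("ou=groups,dc=domain,dc=com??sub?"
                        "(&(objectClass=groupOfUniqueNames)(description=mongo)(uniqueMember={USER}))")


def ldap_filter_escape(value):
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def parse_ldap_query(query):
    """Split a 'base?attrs?scope?filter' query (RFC 4516 form without the ldap:// prefix)."""
    parts = query.split("?")
    parts += [""] * (4 - len(parts))          # pad missing trailing fields
    base, attrs, scope, filt = parts[:4]
    return {"base": base,
            "attrs": attrs.split(",") if attrs else [],
            "scope": scope or "base",          # RFC 4516 default scope
            "filter": filt}


def map_user_to_query(username, mapping=USER_TO_DN_MAPPING):
    """Return the parsed LDAP query for the first mapping entry whose regex matches."""
    for entry in mapping:
        m = re.fullmatch(entry["match"], username)
        if not m:
            continue
        query = entry["ldapQuery"]
        for i, group in enumerate(m.groups()):
            query = query.replace("{%d}" % i, ldap_filter_escape(group))
        return parse_ldap_query(query)
    return None                                # no entry matched: authentication would fail


def authz_query(user_dn, template=AUTHZ_QUERY_TEMPLATE):
    """Render the group-membership query run for the DN found in the first step."""
    return parse_ldap_query(template.replace("{USER}", ldap_filter_escape(user_dn)))
```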

Comments

  • Igor Solodovnikov (Percona Staff)
    edited July 17
    Hello @bsiara
    have you tried to authorize from the command line like this:
    mongo -u "user" -p --authenticationDatabase '$external' --authenticationMechanism 'PLAIN'
    Does it return the same error?
    What LDAP server do you use?
    One note: you don't need to add the LDAP user to the $external database. With native LDAP authentication this is not necessary. (But this is not the reason for the issue.)
  • bsiara (Poster)
    Thanks for your reply. Using the mongo command I get the same error:
    mongo -u "user" -p --authenticationDatabase '$external' --authenticationMechanism 'PLAIN'
    Percona Server for MongoDB shell version v4.2.8-8
    Enter password: 
    connecting to: mongodb://127.0.0.1:27017/?authMechanism=PLAIN&authSource=%24external&compressors=disabled&gssapiServiceName=mongodb
    2020-07-17T19:41:52.396+0000 E  QUERY    [js] Error: SASL(-4): no mechanism available: No worthy mechs found :
    connect@src/mongo/shell/mongo.js:341:17
    @(connect):3:6
    2020-07-17T19:41:52.401+0000 F  -        [main] exception: connect failed
    2020-07-17T19:41:52.401+0000 E  -        [main] exiting with code 1
    As the LDAP server I use Apache Directory Server. OK, I deleted the user from the $external database, but the same error occurs.
