SASL/LDAP Authentication: Error: Unsupported mechanism PLAIN

Hi,

We’re considering using the external authentication over SASL to authenticate users over our existing LDAP infrastructure.
I installed Percona Server for MongoDB 3.4 from the .deb files on Ubuntu 16.04 (Xenial) and configured saslauthd and libsasl according to https://www.percona.com/doc/percona-server-for-mongodb/3.4/authentication.html.
Unfortunately I’m not able to authenticate in the client with db.getSiblingDB("$external").auth({ mechanism: "PLAIN", user: "", pwd: "", digestPassword: false }). The following error message appears: Error: Unsupported mechanism PLAIN
testsaslauthd works. And as far as I can tell from the debug output of saslauthd, the auth request does not even reach saslauthd.

Hi, Juckerf. I had similar issues getting LDAP working on CentOS with Percona 3.0 so I might be able to offer some tips.

  • Make sure that you’ve got a file called “mongodb.conf” in /etc/sasl2 - the filename must be exactly that.
  • Make sure that your saslauthd.conf file points to your LDAP server and that the “ldap_filter” is set to the proper mask.
  • In your mongoX.conf file (where you set the logpath, fork and other stuff) make sure you have “setParameter=saslauthdPath=/var/run/saslauthd/mux” and “setParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1,MONGODB-CR”

I’m attaching a PDF that one of the support techs sent - it helped me bridge the gap between the posted documentation and a working LDAP setup.

Cheers!
-Jim

HowtoconfigureLDAPfromscratch.pdf (55.4 KB)

Hi Jim

Thanks a million!
Your 3rd tip was the missing piece (as you stated, this isn’t documented anywhere in the online docs).
When I started mongod with the setParameter-options it first failed with “Error: Authentication failed.” (and nothing was logged in saslauthd). But this seemed a lot better than my previous error.
After setting the permissions on /var/run/saslauthd (777 as stated in your attached PDF) it now works as it should :)

Cheers
Fabian
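
A static check for the three tips and the socket-directory permission discussed in this thread, as an added example that is not part of any post. The function names and all demo paths are constructed; `ldap_servers` is the saslauthd key assumed for "points to your LDAP server", and treating a world-writable socket directory as a warning is this example's assumption (putting the mongod user in the directory's group is the narrower alternative).

```shell
#!/bin/sh
# Added example: verifies the settings named in the thread. Returns the number of errors.
check_sasl_setup() {
    sasl2_dir=$1 saslauthd_conf=$2 mongod_conf=$3
    errors=0
    fail() { echo "ERROR: $1"; errors=$((errors + 1)); }

    # Tip 1: libsasl only picks up a file named exactly mongodb.conf.
    [ -f "$sasl2_dir/mongodb.conf" ] || fail "no mongodb.conf in $sasl2_dir"

    # Tip 2: saslauthd.conf needs the LDAP server and a search filter.
    for key in ldap_servers ldap_filter; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*:" "$saslauthd_conf" 2>/dev/null ||
            fail "$key not set in $saslauthd_conf"
    done

    # Tip 3: mongod must enable PLAIN and know the saslauthd socket path.
    grep -Eq 'authenticationMechanisms[=:].*PLAIN' "$mongod_conf" 2>/dev/null ||
        fail "PLAIN missing from authenticationMechanisms"
    mux=$(sed -n 's/.*saslauthdPath[=:][[:space:]]*//p' "$mongod_conf" 2>/dev/null | head -n 1)
    if [ -z "$mux" ]; then
        fail "saslauthdPath not set"
    else
        # mongod needs search (x) permission on the socket directory to reach the mux.
        mode=$(ls -ld "$(dirname "$mux")" 2>/dev/null | cut -c1-10)
        case $mode in
            "")         fail "socket directory for $mux does not exist" ;;
            d???????w?) echo "WARN: socket directory is world-writable ($mode)" ;;
            d????????x) : ;;
            *)          echo "INFO: mode $mode, mongod user must own it or be in its group" ;;
        esac
    fi
    return "$errors"
}

# Demo on a constructed tree (sample values, not taken from the thread).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sasl2" "$t/run/saslauthd"; chmod 777 "$t/run/saslauthd"
    : > "$t/sasl2/mongodb.conf"
    printf 'ldap_servers: ldap://ldap.example.com\nldap_filter: (uid=%%u)\n' > "$t/saslauthd.conf"
    printf 'setParameter=saslauthdPath=%s\nsetParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1\n' \
        "$t/run/saslauthd/mux" > "$t/mongod.conf"
    check_sasl_setup "$t/sasl2" "$t/saslauthd.conf" "$t/mongod.conf"
    rc=$?; rm -rf "$t"; return "$rc"
}
demo
```

On a live host the arguments would be /etc/sasl2, the saslauthd.conf location and the mongod configuration file.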