We’re considering using the external authentication over sasl to authenticate users over our existing ldap infrastructure.
I installed the percona server for mongodb 3.4 from the .deb files on an Ubuntu 16.04 (Xenial) and configured saslauthd and libsasl according to [url]https://www.percona.com/doc/percona-server-for-mongodb/3.4/authentication.html[/url].
Unfortunately I’m not able to authenticate in the client with “db.getSiblingDB(”$external").auth({ mechanism:“PLAIN”, user:“”, pwd:“”, digestPassword:false})". The following error message appears: Error: Unsupported mechanism PLAIN
testsaslauth works. And as far as I can tell from the debug output of saslauthd, the auth request does not even reach saslauthd.
Hi, Juckerf. I had similar issues getting LDAP working on CentOS with Percona 3.0 so I might be able to offer some tips.
Make sure that you’ve got a file called “mongodb.conf” in /etc/sasl2 - the filename must be exactly that.
Make sure that your saslauthd.conf file points to your LDAP server and that the “ldap_filter” is set to the proper mask.
In your mongoX.conf file (where you set the logpath, fork and other stuff) make sure you have “setParameter=saslauthdPath=/var/run/saslauthd/mux” and “setParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1,MONGODB-CR”
I’m attaching a PDF that one of the support techs sent - it helped me bridge the gap between the posted documentation and a working LDAP setup.
Thanks a million!
Your 3rd tip was the missing piece (as you stated, this isn’t documented anywhere in the online docs).
When I started mongod with the setParameter-options it first failed with “Error: Authentication failed.” (and nothing was logged in saslauthd). But this seemed a lot better than my previous error.
After setting the permissions on /var/run/saslauthd (777 as stated in your attached pdf) it now works as it should
Hi Jim, Still we are having issues. LDAP properly configured and able to test with testsaslauthd. However, we are not getting Authentication failed when trying to connect mongo shell. Few details are below
