Operational Defect Database

BugZero found this defect 2433 days ago.

MongoDB | 399293

[SERVER-29923] SASL authentication session factory should use dynamically LDAP server list

Last update date:

10/30/2023

Affected products:

MongoDB Server

Affected releases:

3.4.5

Fixed releases:

3.7.2

Description:

Info

The SASL authentication session factory uses the presence of an LDAP server in the startup flags to figure out if it should route PLAIN authentication attempts on $external to the native LDAP authentication code. However, if no LDAP server was set on startup, but one was specified dynamically via a setParameter, the factory will not realize that it can produce a native LDAP SASL session, and will incorrectly produce a CyrusSasl authentication session, which will try to use saslauthd which may not be configured.

Top User Comments

xgen-internal-githook commented on Fri, 2 Feb 2018 21:51:55 +0000: Author: {'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'} Message: SERVER-29923: Use dynamic LDAP servers in SASL session factory Branch: master https://github.com/10gen/mongo-enterprise-modules/commit/2a0a80081fefe5305ff54c7b68ef0cd43d1b0379 xgen-internal-githook commented on Fri, 11 Aug 2017 17:12:26 +0000: Author: {'name': 'Tyler Kaye', 'email': 'tyler.kaye@mongodb.com'} Message: SERVER-29923 Re-write the Mongo Server's URI parser and Testing Suite Branch: master https://github.com/mongodb/mongo/commit/880e3c102363611ef09b451737276c0ad9400d11 xgen-internal-githook commented on Fri, 11 Aug 2017 17:12:23 +0000: Author: {'name': 'Tyler Kaye', 'email': 'tkaye@princeton.edu'} Message: Revert "SERVER-29923 Re-write the Mongo Server's URI parser and Testing Suite" This reverts commit 880e3c102363611ef09b451737276c0ad9400d11. Branch: master https://github.com/mongodb/mongo/commit/1e1d27c271431f24cddcd2339151d7215c1178d1 tyler.kaye commented on Thu, 10 Aug 2017 18:37:12 +0000: URI Parsing ticket was mistakenly pushed with this Server Ticket Number. If you are looking for that ticket please see SERVER-29921

Additional Resources / Links

Share:

BugZero Risk Score

Coming soon

Status

Closed

Have you been affected by this bug?

cost-cta-background

Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Discussion

Login to read and write comments.

Have you ever...

had your data corrupted from a

VMware

bug?

Search:

...