Uploaded image for project: 'Couchbase Documentation'
  1. Couchbase Documentation
  2. DOC-6939

Indicate the potential problems associated with using LDAP to authenticate application identities



    • Task
    • Resolution: Unresolved
    • Major
    • 6.6.0
    • 6.5.1
    • admin
    • None
    • DOC-2020-S12-Jun28
    • 1


      LDAP can be a very convenient way to manage authentication and authorization for human users of the system, but there can be issues configuring the system to authenticate in LDAP for application identities. By "application identities" I mean the identity of the user that's configured to authenticate in Couchbase in the application code.

      We should write a warning or note of some sort in the LDAP docs - the "understanding LDAP authentication and authorization" seems about right. We should say something like the following:

      Note: While LDAP is a convenient way to manage authentication and authorization for human users of Couchbase Server, it is probably not an appropriate way to manage authentication and authorization of application identities that access Couchbase Server for two reasons. First, Couchbase Server needs to access LDAP on initial authentication which will add extra latency to in the connection-establishment sequence that is likely to be undesirable when applications connect to the server. Second, if LDAP is down or the connection to LDAP is unreliable, the system can be effectively unavailable to clients and this increased risk of no availability is also unlikely to be palatable to most application clients.


        No reviews matched the request. Check your Options in the drop-down menu of this sections header.



            tony.hillman Tony Hillman (Inactive)
            dfinlay Dave Finlay
            0 Vote for this issue
            5 Start watching this issue



              Gerrit Reviews

                There are no open Gerrit changes