Uploaded image for project: 'Couchbase Go SDK'
  1. Couchbase Go SDK
  2. GOCBC-1139

dcpagent Authentication Mechanism is incorrectly for TLS

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • core-10.0.2, core-9.1.6
    • core-10.0.1, core-9.1.5
    • core-library
    • None
    • 1

    Description

      Problem
      The dcpagent fails to connect over TLS with a LDAP user. This is because the authentication mechanism is set incorrectly:

      	// PLAIN authentication is only supported over TLS
      		 
      	if config.SecurityConfig.UseTLS {
      		 
      		authMechanisms = append(authMechanisms, PlainAuthMechanism)
      		 
      	}

      Plain should not be appended it should over write it:

      	    authMechanisms = []AuthMechanism{PlainAuthMechanism}

      LDAP backed users can only use PLAIN auth to connect to the cluster.

      Note
      I believe agent.go had this same bug but it was fixed in GOCBC-926.

      Steps to reproduce

      1. Setup a one node cluster
      2. Config LDAP auth
      3. Create User backed of LDAP
      4. Connect over TLS as the LDAP user via dcpagent

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MB-47808 Bump gocbcore to pickup ldap TLS change (gocbc-1139)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MB-39570 Revert MB-34751: Don't Dynamically Change Offered SASL Mechanisms Based on External Auth Being Configured

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JCBC-1650 Unable to perform KV Operations by external LDAP users using PLAIN auth mechanism

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MB-34751 Change SDK GCCCP Authentication to MH+ SASL Approach

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              charles.dixon Charles Dixon
              pvarley Patrick Varley (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty