Details
- Bug
- Resolution: Fixed
- Critical
- core-10.0.1, core-9.1.5
- None
- 1
Description
Problem
The dcpagent fails to connect over TLS with an LDAP user. This is because the authentication mechanism is set incorrectly:
    // PLAIN authentication is only supported over TLS
    if config.SecurityConfig.UseTLS {
        authMechanisms = append(authMechanisms, PlainAuthMechanism)
    }
Plain should not be appended; it should overwrite it:

    authMechanisms = []AuthMechanism{PlainAuthMechanism}
LDAP backed users can only use PLAIN auth to connect to the cluster.
Note
I believe agent.go had this same bug but it was fixed in GOCBC-926.
Steps to reproduce
- Set up a one-node cluster
- Configure LDAP auth
- Create a user backed by LDAP
- Connect over TLS as the LDAP user via dcpagent
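The selection logic described under Problem, modelled as an added Go example (not gocbcore code and not part of the original report). The local `AuthMechanism` type and constants are stand-ins named after the identifiers in the report; `buggyMechanisms`, `fixedMechanisms`, `authenticate`, the single-entry default list, and a client that attempts only the first mechanism in its list are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins named after the identifiers in the report (constructed model).
type AuthMechanism string
const (
	PlainAuthMechanism       AuthMechanism = "PLAIN"
	ScramSha512AuthMechanism AuthMechanism = "SCRAM-SHA512"
)

// buggyMechanisms: PLAIN is appended after the defaults, as in the report.
func buggyMechanisms(defaults []AuthMechanism, useTLS bool) []AuthMechanism {
	mechs := append([]AuthMechanism{}, defaults...)
	if useTLS {
		mechs = append(mechs, PlainAuthMechanism)
	}
	return mechs
}

// fixedMechanisms: over TLS the list is overwritten with PLAIN only.
func fixedMechanisms(defaults []AuthMechanism, useTLS bool) []AuthMechanism {
	if useTLS {
		return []AuthMechanism{PlainAuthMechanism}
	}
	return append([]AuthMechanism{}, defaults...)
}

// authenticate models the assumed client behaviour: only the first mechanism
// is attempted, and an LDAP-backed user can be verified only with PLAIN.
func authenticate(mechs []AuthMechanism, ldapUser bool) (AuthMechanism, error) {
	if len(mechs) == 0 {
		return "", errors.New("no mechanism configured")
	}
	if ldapUser && mechs[0] != PlainAuthMechanism {
		return mechs[0], errors.New("authentication failed")
	}
	return mechs[0], nil
}

func main() {
	defaults := []AuthMechanism{ScramSha512AuthMechanism} // assumed default list
	_, errBuggy := authenticate(buggyMechanisms(defaults, true), true)
	_, errFixed := authenticate(fixedMechanisms(defaults, true), true)
	fmt.Println("buggy:", errBuggy, "| fixed:", errFixed)
}
```

In both variants PLAIN is never offered when TLS is off, which keeps the LDAP password off cleartext connections.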
Issue Links
- blocks
  - MB-47808 Bump gocbcore to pickup ldap TLS change (gocbc-1139) (Closed)
- relates to
  - MB-39570 Revert MB-34751: Don't Dynamically Change Offered SASL Mechanisms Based on External Auth Being Configured (Closed)
  - JCBC-1650 Unable to perform KV Operations by external LDAP users using PLAIN auth mechanism (Closed)
  - MB-34751 Change SDK GCCCP Authentication to MH+ SASL Approach (Closed)