Uploaded image for project: 'Couchbase Go SDK'
  1. Couchbase Go SDK
  2. GOCBC-1139

dcpagent Authentication Mechanism is incorrectly for TLS

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • core-10.0.2, core-9.1.6
    • core-10.0.1, core-9.1.5
    • core-library
    • None
    • 1

    Description

      Problem
      The dcpagent fails to connect over TLS with a LDAP user. This is because the authentication mechanism is set incorrectly:

      	// PLAIN authentication is only supported over TLS
      	if config.SecurityConfig.UseTLS {
      		authMechanisms = append(authMechanisms, PlainAuthMechanism)
      	}
      

      Plain should not be appended it should over write it:

      	    authMechanisms = []AuthMechanism{PlainAuthMechanism}
      

      LDAP backed users can only use PLAIN auth to connect to the cluster.

      Note
      I believe agent.go had this same bug but it was fixed in GOCBC-926.

      Steps to reproduce

      1. Setup a one node cluster
      2. Config LDAP auth
      3. Create User backed of LDAP
      4. Connect over TLS as the LDAP user via dcpagent

      Attachments

        Issue Links

          Activity

            People

              charles.dixon Charles Dixon
              pvarley Patrick Varley (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                PagerDuty