Details
-
Bug
-
Resolution: Fixed
-
Major
-
2.5.2
-
None
-
None
-
SDK 45: IPv6, HC
Description
Raised on behalf of forum post: https://forums.couchbase.com/t/authentication-failure-with-external-user-credentials/14687
The issue is that SCRAM-SHA1 is not supported with RBAC external authentication and .NET SDK automatically selects most secure transport.
Suggested solution is to create a configuration property called "forceSaslPlain" that defaults to true and will force the auth mechanism type to Plain if set, we can skip the request to retrieve available authentication mechanisms.
Would also be good if the server allows a SCRAM based mechanism and fails auth, the log could append " if using LDAP, please set forceSsaslPlain to true".
Attachments
Issue Links
- relates to
-
NCBC-1582 Default forceSaslPlain to true
-
- Resolved
-
-
JVMCBC-473 Add force SASL PLAIN for LDAP compliance
-
- Resolved
-
| For Gerrit Dashboard: NCBC-1575 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 85374,8 | NCBC-1575: Add config to force SASL PLAIN authentication | master | couchbase-net-client | Status: MERGED | +2 | +1 |
| 85838,2 | NCBC-1575: Add info to CarrierPublication to use forceSasl for LDAP | master | couchbase-net-client | Status: MERGED | +2 | +1 |