From 8a6e6b8e7f581e523ab1ca3749e08d333e6af703 Mon Sep 17 00:00:00 2001 From: kay Date: Mon, 17 Jun 2013 16:32:39 -0400 Subject: [PATCH] DOCS-1612 and 1606 LDAP add mongod parameter and openLDAP conf info --- source/release-notes/2.6.txt | 62 +++++++++++++++++++++++++++++------- 1 file changed, 51 insertions(+), 11 deletions(-) diff --git a/source/release-notes/2.6.txt b/source/release-notes/2.6.txt index f5008fc7bdf..eb7bbb72419 100644 --- a/source/release-notes/2.6.txt +++ b/source/release-notes/2.6.txt @@ -93,6 +93,20 @@ authentication. ``saslauthd`` Configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +On systems with ``/etc/sysconfig/saslauthd``, such as RedHat, Fedora, +CentOS, AWS AMI, set the mechanism ``MECH`` to ``ldap``: + +.. code-block:: none + + MECH=ldap + +On systems with ``/etc/default/saslauthd``, set the mechanisms +option to ``ldap``: + +.. code-block:: none + + MECHANISMS="ldap" + To use with ActiveDirectory, start ``saslauthd`` with the following config file contents: 
@@ -103,43 +117,69 @@ config file contents: ldap_mech: DIGEST-MD5 ldap_auth_method: fastbind +To connect to an openLDAP server, use a test ``saslauthd.conf`` file +such as the following sample configuration: + +.. code-block:: none + + ldap_servers: + ldap_search_base: ou=Users,dc=example,dc=com + ldap_filter: (uid=%u) + +To use this sample openLDAP configuration, create users with a ``uid`` +attribute (login name) and place under the ``Users`` organizational +unit (``ou``). + +To test the ``saslauthd`` configuration, use ``testsaslauthd`` utility, +as in the following example: + +.. code-block:: sh + + testsaslauthd -u testuser -p testpassword -s mongod -f /var/run/saslauthd/mux + +For more information on ``saslauthd`` configuration, see +``_. + MongoDB Server Configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configure the MongoDB server with the ``saslauthdPath`` parameter using -either the command line option -:option:`--setParameter ` or the +Configure the MongoDB server with the ``authenticationMechanisms`` +parameter and the ``saslauthdPath`` parameters using either the command +line option :option:`--setParameter ` or the :doc:`configuration file `: - If ``saslauthd`` has a socket path of ``///saslauthd``, set the ``saslauthdPath`` parameter to - ``///saslauthd/mux``, as in the following command line - example: + ``///saslauthd/mux`` and the ``authenticationMechanisms`` + parameter to ``PLAIN``, as in the following command line example: .. code-block:: sh - mongod --setParameter saslauthdPath=///saslauthd/mux + mongod --setParameter saslauthdPath=///saslauthd/mux --setParameter authenticationMechanisms=PLAIN Or to set the configuration in the :doc:`configuration file - `, add the parameter: + `, add the parameters: .. 
code-block:: sh setParameter=saslauthdPath=///saslauthd/mux + setParameter=authenticationMechanisms=PLAIN -- Otherwise, set the ``saslauthdPath`` to the empty string to use the - library's default value, as in the following command line example: +- Otherwise, set the ``saslauthdPath`` to the empty string ``""`` to use + the library's default value and the ``authenticationMechanisms`` + parameter to ``PLAIN``, as in the following command line example: .. code-block:: sh - mongod --setParameter saslauthdPath="" + mongod --setParameter saslauthdPath="" --setParameter authenticationMechanisms=PLAIN Or to set the configuration in the :doc:`configuration file - `, add the parameter: + `, add the parameters: .. code-block:: sh setParameter=saslauthdPath="" + setParameter=authenticationMechanisms=PLAIN Authenticate in the ``mongo`` Shell ```````````````````````````````````
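Review bot: In the first hunk (@@ -93,6 +93,20 @@), the second added paragraph says "set the mechanisms option to ``ldap``" while the block under it sets ``MECHANISMS="ldap"``; name the variable literally, as the paragraph before it does for ``MECH``, for example "set the ``MECHANISMS`` option to ``ldap``". The first paragraph lists example distributions for ``/etc/sysconfig/saslauthd`` and the second lists none for ``/etc/default/saslauthd``, so give examples for both or for neither. "RedHat" should read "Red Hat".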
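Review bot: In the second hunk (@@ -103,43 +117,69 @@), every added ``authenticationMechanisms=PLAIN`` line in the MongoDB Server Configuration section enables SASL PLAIN with no mention that PLAIN sends the user's password to ``mongod`` unencrypted; add a sentence under the section's opening paragraph telling readers to use this mechanism only over an SSL-protected or otherwise trusted connection. In the same hunk, the sample ``saslauthd.conf`` shows ``ldap_servers:`` with no value, and the closing "see ``_." has no link target as shown here, so both need a value or a placeholder. The ``testsaslauthd -u testuser -p testpassword`` example puts the password on the command line, so say that these are throwaway test credentials. Wording: "the ``saslauthdPath`` parameters" should be singular, "use ``testsaslauthd`` utility" needs "the", and "place under the ``Users`` organizational unit" needs an object ("place them under").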