SASL/LDAP Authentication: Error: Unsupported mechanism PLAIN


  • SASL/LDAP Authentication: Error: Unsupported mechanism PLAIN


    We're considering using external authentication over SASL to authenticate users against our existing LDAP infrastructure.
    I installed Percona Server for MongoDB 3.4 from the .deb files on Ubuntu 16.04 (Xenial) and configured saslauthd and libsasl according to https://www.percona.com/doc/percona-...ntication.html.
    Unfortunately I'm not able to authenticate in the client with "db.getSiblingDB("$external").auth({ mechanism:"PLAIN", user:"<Username>", pwd:"<PW>", digestPassword:false})". The following error message appears: Error: Unsupported mechanism PLAIN
    testsaslauthd works. And as far as I can tell from the debug output of saslauthd, the auth request does not even reach saslauthd.

  • #2
    Hi, Juckerf. I had similar issues getting LDAP working on CentOS with Percona 3.0 so I might be able to offer some tips.

    * Make sure that you've got a file called "mongodb.conf" in /etc/sasl2 - the filename must be exactly that.
    * Make sure that your saslauthd.conf file points to your LDAP server and that the "ldap_filter" is set to the proper mask.
    * In your mongoX.conf file (where you set the logpath, fork and other stuff) make sure you have "setParameter=saslauthdPath=/var/run/saslauthd/mux" and "setParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1,MONGODB-CR"

    I'm attaching a PDF that one of the support techs sent - it helped me bridge the gap between the posted documentation and a working LDAP setup.


    • #3
      Hi Jim

      Thanks a million!
      Your 3rd tip was the missing piece (as you stated, this isn't documented anywhere in the online docs).
      When I started mongod with the setParameter-options it first failed with "Error: Authentication failed." (and nothing was logged in saslauthd). But this seemed a lot better than my previous error.
      After setting the permissions on /var/run/saslauthd (777 as stated in your attached pdf) it now works as it should :-)
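
A small checker for the settings named in posts #2 and #3, added here as an example and not part of the thread or of Percona's tooling: it reads an ini-style mongod config for the two setParameter lines and evaluates the saslauthd directory's permission bits for the mongod user. The function names, the uid/gid numbers and the 0o710 mode are assumptions, and mongod is assumed to run as a non-root user.

```python
import stat

def parse_set_parameters(conf_text):
    """Collect setParameter=key=value lines from an ini-style mongod config."""
    params = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("setparameter"):
            key, _, value = line.partition("=")[2].partition("=")
            params[key.strip()] = value.strip()
    return params

def check_config(conf_text):
    """Findings for the two setParameter lines named in post #2."""
    params = parse_set_parameters(conf_text)
    mechs = {m.strip() for m in params.get("authenticationMechanisms", "").split(",")}
    findings = []
    if "PLAIN" not in mechs:
        findings.append("PLAIN not enabled: client reports 'Unsupported mechanism PLAIN'")
    if not params.get("saslauthdPath"):
        findings.append("saslauthdPath not set")
    return findings

def check_socket_dir(mode, dir_uid, dir_gid, proc_uid, proc_gids):
    """Findings for the saslauthd socket directory, given its stat() fields."""
    # Unix picks exactly one permission class: owner, else group, else other.
    if proc_uid == dir_uid:
        reachable = mode & stat.S_IXUSR
    elif dir_gid in proc_gids:
        reachable = mode & stat.S_IXGRP
    else:
        reachable = mode & stat.S_IXOTH
    findings = []
    if not reachable:
        findings.append("mongod cannot traverse the directory: 'Authentication failed', saslauthd logs nothing")
    if mode & stat.S_IWOTH:
        findings.append("directory is world-writable; traversal (x) is all mongod needs on it")
    return findings

# Constructed sample values: uid/gid numbers and the 0o710 mode are illustrative.
FIXED_CONF = """logpath=/var/log/mongodb/mongod.log
setParameter=saslauthdPath=/var/run/saslauthd/mux
setParameter=authenticationMechanisms=PLAIN,SCRAM-SHA-1,MONGODB-CR
"""
if __name__ == "__main__":
    print(check_config("logpath=/var/log/mongodb/mongod.log\n"))
    print(check_config(FIXED_CONF))
    print(check_socket_dir(0o710, 0, 45, 120, {130}))      # mongod outside the group
    print(check_socket_dir(0o777, 0, 45, 120, {130}))      # the 777 setting from post #3
    print(check_socket_dir(0o710, 0, 45, 120, {130, 45}))  # mongod added to the group
```

On a live host the `mode`, `dir_uid` and `dir_gid` arguments come from `os.stat()` on the directory that holds the mux socket.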