Question

Environment:

MongoDB: 3.0 Enterprise Edition

Linux: Red Hat Enterprise Linux Server release 6.4 (Santiago)

Use case:

  • We need to have the above three MongoDB users which are not present in LDAP (they need to be available for technical modifications)
  • We will have ~60 users which will be authenticated via LDAP

We need to be able to run MongoDB authentication and LDAP authentication in parallel.

We have installed MongoDB and created three different users on MongoDB:

  • admin
  • repAdmin
  • ROOT

Afterwards we enabled the LDAP configuration as per the documentation at http://docs.mongodb.org/manual/tutorial/configure-ldap-sasl-activedirectory/

After that we added two LDAP users to MongoDB ("$external") for testing purposes. Then we enabled the auth option in the MongoDB configuration file and restarted MongoDB. After we enabled the auth option, all authentication is failing, LDAP as well as MongoDB.

Only if the auth option is disabled are the users which are present in LDAP authenticated successfully.

Problem: How can we authenticate the three users (admin, repAdmin and ROOT), which are not available in LDAP, over the MongoDB shell and all other users via LDAP?

Many thanks for your support :)


Solution

Solution: the two different mechanisms need to be added in the configuration, like:

authenticationMechanisms=PLAIN,MONGODB-CR

After that, it's necessary to create the users which should be authenticated via LDAP as follows:

db.getSiblingDB("$external").createUser({ user : "syranno", roles: [ { role: "readWrite", db: "testdb" } ] } )

By adding the user to $external, MongoDB knows to authenticate this user against LDAP.
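
The two login paths that the answer's configuration enables, as an added mongo shell example that is not part of the original answer. It assumes the local users were created in the admin database; loginFor is a hypothetical helper and the passwords are placeholders.

```javascript
// Added example (not from the original answer). Assumptions: local users
// live in the "admin" database; passwords are placeholders; loginFor is
// a hypothetical helper name.

// Return the database to authenticate against and the db.auth() argument
// for either an LDAP-backed user or a locally stored MongoDB user.
function loginFor(user, pwd, viaLdap) {
  if (viaLdap) {
    return {
      authDb: "$external",        // LDAP users are defined in $external
      cred: {
        mechanism: "PLAIN",       // handed to saslauthd, which asks LDAP
        user: user,
        pwd: pwd,
        // saslauthd needs the undigested password, so PLAIN logins
        // should only travel over a TLS-protected connection.
        digestPassword: false
      }
    };
  }
  return {
    authDb: "admin",              // assumption: where admin/repAdmin/ROOT exist
    // Mechanism named in the answer's authenticationMechanisms list.
    cred: { mechanism: "MONGODB-CR", user: user, pwd: pwd }
  };
}

// Run only inside the mongo shell, where `db` is defined.
if (typeof db !== "undefined") {
  var logins = [
    loginFor("admin", "<local password>", false),
    loginFor("syranno", "<LDAP password>", true)
  ];
  logins.forEach(function (l) {
    var target = db.getSiblingDB(l.authDb);
    var ok = target.auth(l.cred);   // returns 1 on success, 0 on failure
    print(l.cred.user + " via " + l.cred.mechanism + " on " + l.authDb +
          ": " + (ok ? "ok" : "FAILED"));
    if (ok) { target.logout(); }
  });
}
```

If either line prints FAILED, compare the mechanism it names with the authenticationMechanisms value in the server configuration.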

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange