
MongoDB Notes


Configuring saslauthd


 

This procedure is for use on an Ubuntu virtual machine.

 

1. Log into the virtual shell on the MongoDB virtual machine.

2. Install saslauthd with this command:

 

sudo apt-get install sasl2-bin

 

3. Edit the /etc/default/saslauthd file. Set the attributes MECHANISMS="ldap" and START=yes.

4. If it does not exist, create the file saslauthd.conf in directory /etc.

5. Edit this file to look like the example below.

6. Restart saslauthd with these commands:

 

sudo service saslauthd stop

sudo service saslauthd start

 

7. Set permissions on directory /var/run/saslauthd with this command:

 

sudo chmod 777 /var/run/saslauthd

 

8. Set permissions on /var/run/saslauthd/mux with this command:

 

sudo chmod 777 /var/run/saslauthd/mux

 

9. Test the connection between saslauthd and your LDAP server with this command:

 

testsaslauthd -u 'sadams' -p secret -f /var/run/saslauthd/mux

Note: the user ID after the -u parameter corresponds to the value of the uid attribute in the distinguished name of the user.  Do not use the full distinguished name in the testsaslauthd command.

 

Example saslauthd.conf File

 

ldap_servers: ldap://192.168.33.10

ldap_search_base: ou=Users,dc=waysysweb,dc=us,dc=com

ldap_filter: (uid=%u)

 

Note: The uid in the LDAP filter corresponds to the uid attribute in the distinguished name of users in the LDAP directory.  

 

Issues

 

The saslauthd utility communicates with the LDAP server using SASL PLAIN.  This means that the LDAP server sends and receives data in plain text.  The LDAP server should use a trusted connection to communicate with saslauthd.

When saslauthd is restarted, it apparently resets the permission on the /var/run/saslauthd directory.  After restarting the utility, set the permission on the directory with: chmod 777 /var/run/saslauthd.
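
The restart issue above can be checked rather than assumed. The following is an added example, not part of the original notes: POSIX shell functions that report which permission class lets the MongoDB service account reach /var/run/saslauthd and whether the directory is world-writable, as it is after chmod 777. The function names and the account name mongodb are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.
# Assumes GNU stat (as on Ubuntu) and a POSIX shell.

# search_class MODE OWNER GROUP USER "USER_GROUPS"
# Prints the one permission class (owner, group or other) that the kernel
# applies to USER, if that class has the search (x) bit needed to reach the
# mux socket inside the directory; prints "none" otherwise.
search_class() (
    mode=$((0$1)); owner=$2; group=$3; user=$4
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(( (mode >> 6) & 7 ))
    else
        case " $5 " in
            *" $group "*) class=group; bits=$(( (mode >> 3) & 7 )) ;;
            *)            class=other; bits=$(( mode & 7 )) ;;
        esac
    fi
    if [ $(( bits & 1 )) -ne 0 ]; then echo "$class"; else echo none; fi
)

# world_writable PATH: succeeds when the "other" write bit is set on PATH.
world_writable() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & 2 )) -ne 0 ]
)

# audit_sasl_dir DIR USER: report how USER reaches DIR and flag open modes.
audit_sasl_dir() (
    dir=$1; user=$2
    info=$(stat -c '%a %U %G' "$dir") || exit 2
    set -- $info
    class=$(search_class "$1" "$2" "$3" "$user" "$(id -nG "$user" 2>/dev/null)")
    echo "$dir mode=$1 owner=$2 group=$3; $user reaches it via: $class"
    if world_writable "$dir"; then
        echo "WARNING: $dir is world-writable"
    fi
)

# Constructed values (not read from a real host); prints "group".
search_class 710 root sasl mongodb "mongodb sasl"

# Re-run after each saslauthd restart, since the mode may have been reset.
# "mongodb" is an assumed name for the account that runs mongod.
if [ -d /var/run/saslauthd ]; then
    audit_sasl_dir /var/run/saslauthd mongodb
fi
```

A result of "group" or "owner" means the account already reaches the socket directory without the "other" bits; "none" means it has no search permission and authentication through the socket will fail until access is granted.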