Testsaslauthd-authentication failed

MongoDB University M310: MongoDB Security
#1

Stuck here

vagrant@database:~/shared/ldap$ testsaslauthd -u adam -p xxx -f /var/run/saslauthd/mux
0: NO “authentication failed”
vagrant@database:~/shared/ldap$ testsaslauthd -u adam -p xyz -f /var/run/saslauthd/mux
0: NO “authentication failed”
Tried various options as per earlier posts but none worked
How to make sure adam user exists
I pass any user/pwd it gives same error.So is it setup issue or user/pwd issue?
what is the correct vale for for below parameter
ldap_filter: (cn=%u)

Lecture Video/exercise notes says to use uid .Tried both but same result
Any help appreciated
Thanks

#2

I tried various options
Still no success

Started getting new error
vagrant@database:/var/log$ testsaslauthd -u adam -p xxx -f /var/run/saslauthd/mumux
connect() : No such file or directory
After checking unix forums removed /var/run/saslauthd and ran saslauthd again
Now latest error
vagrant@database:/var/log$ testsaslauthd -u adam -p xxxxx -f /var/run/saslauthd/mux
0: NO “authentication failed”

From logs

Feb 18 08:38:18 database saslauthd[22648]: ldap_simple_bind() failed -1 (Can’t contact LDAP server).
Feb 18 08:38:18 database saslauthd[22648]: Retrying authentication
Feb 18 08:38:18 database saslauthd[22648]: ldap_simple_bind() failed -1 (Can’t contact LDAP server).
Feb 18 08:38:18 database saslauthd[22648]: Authentication failed for adam: Retry condition (ldap server connection reset or broken) (-3)
Feb 18 08:38:18 database saslauthd[22648]: do_auth : auth failure: [user=adam] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

#3

I think the ldap Server ip or name or port is wrong.

Regards Ralf

#4

@ Ramachandra_37567

Is the infrastructure system up and running? Your log error messages suggest that the database system cannot reach the infrastructure system for some reason, which is why your testsaslauthd fails.

#5

Yes infrastructure system is up
I went past this by adding port
Now authn is ok

vagrant@database:~$ testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
0: OK “Success.”

Faced lot of other issues
Brought up replicas with LDAP and keyfile and x509
initiated replicaset

MongoDB Enterprise HWLDAP:PRIMARY> db.auth(‘adam’, ‘password’);
Error: Authentication failed.
0
MongoDB Enterprise HWLDAP:PRIMARY> rs.add(‘database.m310.mongodb.university:31161’);
2019-02-18T12:32:04.192+0000 E QUERY [thread1] Error: count failed: {
“ok” : 0,
“errmsg” : “not authorized on local to execute command { count: “system.replset”, query: {}, fields: {} }”,
“code” : 13
} :
Not able to login with user/pwd nor allowing any commands
Repeated steps with various combinations

#6

Hi Ramachandra,

use admin?

Regards Ralf

#7

Hi Ramachandra,

in which DB did you created the user?
I think admin

this is why i wrote
use admin
because the DBusers are in the DB you created them.

Regards Ralf

#8

Hello Ralf

Yes it was created in admin DB only
Still authn did not work
May be due to the way i started mongod’s and options i used to connect to the DB

Thanks

#9