Failed to acquier LDAP group membershop


We have C# application which run as service and every 5 minutes pushes data to MongoDB.

Our connection string for MongoDB is (It uses Kerberose)

mongodb://svc_APP-UAT%40MYCOMPANY.COM@server-n1:27017,server-n2:27017,server-n3:27017/?ssl=true&replicaSet=RS_PROD&readPreference=primary&serverSelectionTimeoutMS=5000&connectionTimeoutMS=10000&authSource=$external&authMechanism=GSSAPI&applicationName=MY TEST APPLICATION

Application able to save data to MongoDB every 5 minutes , however intermittently we get following error and data doesn’t get save to MongoDB

MongoDB.Driver.MongoAuthenticationException: Unable to authenticate using sasl protocol mechanism GSSAPI. —> MongoDB.Driver.MongoCommandException: Command saslContinue failed: Failed to acquire LDAP group membership.

Any thoughts above error?


As you’re on Enterprise Advanced my first advise is open a support ticket with MongoDB Support.

I have seen this with slow or unresponsive LDAP/AD servers. You need to discuss this performance with the team responsible.

Also check if you have ldapUserCacheInvalidationInterval set on the servers this can reduce the frequency of which the group membership has to be queried from ldap in general but may not address the root cause.

Thank you Chris. We will look into to open ticket with MongoDB support
Currently we are using kerberose (just user name used in connection string) for MongoDB connectivity , will make a difference if we use LDAP (user name and password both in connection string) instead of Kerberose while initiating the connection from client app?


Kerberos is providing authentication. (Are you who you say you are)

Authorization(What you can access) is via LDAP.

The LDAP portion is what is causing you issues right now. The server will query ldap as to what group memberships the authenticaed user has access to.

I see. Thanks for clarification