Mongod service is not starting after adding LDAP to the config file

Greetings, team.
I’m a beginner in mongodb and I have installed mongodb ver 7.0.3 enterprise edition. I’m trying to test ldap configuration, but I encounter a problem when I edit the mongod.conf file with ldap records. The mongod service fails to start after that. I would appreciate any guidance or solution for this issue.

security:
  authorization: "enabled"
  ldap:
    servers: "192.168.10.10"

Also I tried

security:
  authorization: "enabled"
  ldap:
    servers: "192.168.10.10:389"

Hi @Vladimir_Bannikov

Please use a code block to retain formatting in your posts.

  • Check the mongod log for errors.
  • Ensure the server can connect to the LDAP server on the port configured.

MongoD will, by default, perform this check and exit if the LDAP server cannot be connected to.
Other LDAP parameters may need to be set as well depending on the LDAP server configuration.

Hi Chris, thank you for your support.
Here is the mongod log:

```
Failed to bind to LDAP","attr":{"status":{"code":6,"codeName":"HostUnreachable","errmsg":"LDAP operation <ldap_sasl_bind_s>, failed to bind to LDAP server at default. (-1/Can't contact LDAP server): No error could be retrieved from the LDAP server."},"bindOptions":"{BindDN: mongod@stsqa01.com, authenticationType: simple}","peerAddr":"(NONE)"}}
```

But when we run the mongoldap tool, we get the following:

```
Checking that an server has been specified...
[OK] LDAP server(s) provided in configuration

Checking that the DNS names of the LDAP servers resolve...
* LDAP Host: 192.168.10.10 was successfully resolved to address: 192.168.10.10
[OK] All DNS entries resolved

Connecting to LDAP server...
[FAIL] Attempted to bind to LDAP server without TLS with a plaintext password.
* Sending a password over a network in plaintext is insecure.
* To fix this issue, enable TLS or switch to a different LDAP bind mechanism.

{"t":{"$date":"2023-11-15T17:00:45.737Z"},"s":"I", "c":"ACCESS", "id":24051, "ctx":"main","msg":"LDAPAPIInfo","attr":{"infoVersion":1,"apiVersion":3001,"protocolVersion":3,"extensions":["X_OPENLDAP"],"vendorName":"OpenLDAP","vendorVersion":20446,"options":{"slowLocking":false,"async":0,"tlsPackage":"OpenSSL","mozNSSCompat":false}}}
{"t":{"$date":"2023-11-15T17:00:45.738Z"},"s":"W", "c":"ACCESS", "id":5661702, "ctx":"main","msg":"OpenSSL 1.1.1 and higher has no performance impact with libldap_r. Link mongod against libldap_r to enable concurrent use of LDAP. Your OpenSSL version is: OpenSSL 1.1.1 FIPS 11 Sep 2018"}
Checking for Active Directory and Global Catalog Usage...
[OK] Done checking for Active Directory and Global Catalog Usage

Attempting to authenticate against the LDAP server...
[OK] Successful authentication performed

Checking if LDAP authorization has been enabled by configuration...
[INFO] LDAP authorization is not enabled, the configuration will require internal users to be maintained
* Make sure you have 'security.ldap.authz.queryTemplate' in your configuration
```

What OS are you installing on?

Red Hat Enterprise Linux release 8.4 (Ootpa)


SELinux enforcing, permissive or disabled?

SELinux status: enabled
SELINUX=enforcing

Are you able to run with permissive?

Failing that, can you check SELinux for denials related to the mongod process?
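
Added example, not part of the original thread: one way to run the SELinux check suggested above, as a shell filter that lists AVC denials whose process is mongod. The audit records in it are constructed samples, not logs from this system, and the function names `sample_audit` and `mongod_denials` are hypothetical.

```shell
#!/bin/sh
# Summarize SELinux AVC denials for mongod from audit records on stdin.
# On a live RHEL host, feed it real records instead of the sample, e.g.:
#   ausearch -m avc -c mongod | mongod_denials
#   mongod_denials < /var/log/audit/audit.log

# Constructed sample records (assumption, not taken from the thread):
# a mongod denial on an outbound connect to port 389, an unrelated httpd
# denial, and a non-AVC record that must be ignored.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1700067645.737:412): avc:  denied  { name_connect } for  pid=2314 comm="mongod" dest=389 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700067650.101:415): avc:  denied  { read } for  pid=901 comm="httpd" name="x.conf" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700067645.737:412): arch=c000003e syscall=42 success=no exit=-13 comm="mongod" exe="/usr/bin/mongod"
EOF
}

# Prints one line per denial: "perms tclass dest=PORT target_type mode".
# mode is "enforced" when the access was blocked (permissive=0) and
# "logged-only" when SELinux only recorded it (permissive=1).
mongod_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && /comm="mongod"/ {
      perm = ""; dest = "-"; tclass = "-"; ttype = "-"; mode = "enforced"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission listed between the braces.
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm == "" ? "" : ",") $j
        }
        else if ($i ~ /^dest=/)     dest = substr($i, 6)
        else if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        else if ($i == "permissive=1") mode = "logged-only"
      }
      print perm, tclass, "dest=" dest, ttype, mode
    }'
}

# Demo run on the constructed sample.
sample_audit | mongod_denials
```

An empty result means no mongod denials were recorded in the input, which points back at the network path or the LDAP settings rather than SELinux.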

Chris, thank you for your help. The issue was resolved by creating a new Ubuntu box.