Password enforcement without LDAP
Enforce complex password policy
Enforce password expiration
Enforce password history
AdminSalman (Admin, MongoDB) commented
Thanks for the feature request. For folks looking to implement password policies for the SCRAM method, we recommend using HashiCorp. Vault provides comprehensive life cycle management for passwords, as well as certificates.
Vault has a secrets engine for MongoDB.
It will be great to add a password enforcement policy (to meet SOX requirements & security) within MongoDB itself, instead of using LDAP. It will reduce dependency on the AD system. We are facing a lot of issues by adopting AD/LDAP users. Business users are frustrated with this. We ended up developing our own custom tools to do this. This adds too much work.
We need a password expiry and auto new password reset after a few days.
My banking customer can't use LDAP or Kerberos as external authentication,
but they ask that MongoDB provide a strong password policy to meet the audit policy of the bank.
I hope MongoDB can provide this feature soon.