I am trying to get MongoDB running on my localhost (Windows) with authentication.
To do so, I first have to add a user, right?
I did so by starting the daemon using this command:
C:\[…]\mongod.exe -f C:\[…]\mongo.config
mongo.config contains the following:
# Basic database configuration
dbpath = C:\[…]\db\
bind_ip = 127.0.0.1
port = 20571
# Security
noauth = true
# Administration & Monitoring
nohttpinterface = true
After that I connected via this command:
C:\[…]\mongo.exe --port 20571 127.0.0.1
There I added a user:
> use admin
switched to db admin
> db.addUser('test', 'test')
{ "n" : 0, "connectionId" : 1, "err" : null, "ok" : 1 }
{
"user" : "test",
"readOnly" : false,
"pwd" : "a6de521abefc2fed4f5876855a3484f5",
"_id" : ObjectId("50db155e157524b3d2195278")
}
To check if everything worked I did the following:
> db.system.users.find()
{ "_id" : ObjectId("50db155e157524b3d2195278"), "user" : "test", "readOnly" : false, "pwd" : "a6de521abefc2fed4f5876855a3484f5" }
Which seemed OK to me.
After that I changed "noauth = true" to "auth = true" in the mongo.config file and restarted the daemon.
Now I expected to be able to connect with user and password:
C:\[…]\mongo.exe --port 20571 -u test -p test 127.0.0.1
Which denied access to me with this message:
MongoDB shell version: 2.0.4
connecting to: 127.0.0.1:20571/127.0.0.1
Wed Dec 26 16:24:36 uncaught exception: error { "$err" : "bad or malformed command request?", "code" : 13530 }
exception: login failed
So here's my question: Why does the login fail?
I can still connect without providing user and password, but can't access any data because "unauthorized db:admin lock type:-1 client:127.0.0.1". Which is actually what I expected.
As Andrei Sfat told me in the comments on the question I made 2 major errors.
First, I thought I could pass the IP to the Client as a simple argument. But you have to use --host for that.
Instead, the parameter I thought was the IP address actually should be the db name.
So the correct command to connect to a Server is as follows:
C:\[…]\mongo.exe --port 20571 -u test -p test --host 127.0.0.1 admin
Second, users are per database. As I only added the user "test" to the db "admin", it only works there.
Obviously the auth = true configuration wasn't load successfully. Did you forget the -f paramter when you restart the mongod.exe?
C:\[…]\mongod.exe -f C:\[…]\mongo.config
Related
I followed
DigitalOcean Mongodb Install
sudo ufw allow from your_other_server_ip/32 to any
I set your other server as 127.0.01 as I will be connecting it with express local device as localhost:3000
sudo ufw allow from 127.0.0.1/32 to any
and created admin user.
I have also updated mongodb.conf to
logappend=true
bind_ip = 127.0.0.1,139.**.*.**
port = 27017
How can I make connection with mongoose now.
I tried with a gui with ssh connection and it worked.
How can I connect it with HTTP URL.
EDIT - 1
I installed mongodb
https://www.digitalocean.com/community/tutorials/how-to-install-mongodb-on-ubuntu-18-04
And with
https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04#part-two-securing-mongodb
Step 3 — Testing the Remote Connection
I am getting
MongoDB shell version v3.6.3
Enter password:
connecting to: mongodb://139.**.*.***:27017/
MongoDB server version: 3.6.3
And running
> show users
{
"_id" : "testdb.testusr",
"user" : "testusr",
"db" : "testdb",
"roles" : [
{
"role" : "readWrite",
"db" : "testdb"
}
]
}
If i try to connect with mongoose with below code
var connectionString = "mongodb://testusr:testpwd#139.**.*.***:27017/testdb";
mongoose
.connect(connectionString, {
keepAlive: 1,
useUnifiedTopology: true,
useNewUrlParser: true,
})
.then(() => console.log('DB Connected!'))
.catch(err => {
console.log(`DB Connection Error: ${err.message}`);
});
I am getting below output
DB Connection Error: Server selection timed out after 30000 ms
I want to use authentication in my mongodb. So I created a user. Which this user I can connect on command line and insert data without any problem.
But when I want to use this user in grails, I get this error:
{ "serverUsed" : "127.0.0.1:27017" , "ok" : 0.0 , "errmsg" : "auth failed" , "code" : 18 , "codeName" : "AuthenticationFailed"}
When I connect from commandline, everything works:
mongo --port 27017 -u "mongouser" -p "pwd" mydb
My code in Grails:
MongoCredential credential = MongoCredential.createMongoCRCredential("mongouser", "mydb", "pwd".toCharArray())
def mongoClient = new MongoClient( new ServerAddress(host, port), [credential ] )
gMongoCon = new GMongo(mongoClient)
What is wrong here?
Add your mongo credentials in Config.groovy or external config as follows,
grails
{
mongo
{
host = "YOUR_HOST_NAME_OR_IP_ADDRESS" // e.g localhost
port = 27017
username = "mongouser" //Username
password = "pwd" //password
databaseName = "mydb" //Database name
}
}
Note: change the bind_ip from /etc/mongod.conf if the application and
mongo are on different server.
This solution works:
MongoCredential.createCredential(username, datatable, password)
In MongoDB 3.2 I've setup a user with rights:
db.createUser(
{
user: "username",
pwd: "pass",
roles: [ { role: "readWrite", db: "dbname" }]
}
)
db.auth("username", "pass" )
When I use the JMeter(2.13) to connect to the database (using Jmeter's elements MongoDB Source Config , MongoDB Script) and run a query like this:
db.mycollectionname.find()
I get this error:
error: { "$err" : "not authorized on dbname to execute command { $eval: \"db.mycollectionname.find()\", args: [] }" , "code" : 13}
While I have provided all the necessary details Server Address List , Database , User , Password to Jmeter's MongoDB Source Config , MongoDB Script respectively.
Any ideas what can be happening?
I had the same issue. I had to set up a user with eval permissions even though this is not recommended (even the admin user does not have these permissions).
Try that and change you script to look at the new user and it should work.
I have a MongoDB server where I have enabled authentication and created users with DB-specific permissions. The user for this app is defined as shown below i.e. geoAdmin has read, readWrite and dbOwner permissions for the relevant database:
MongoDB shell version: 3.0.0
connecting to: 192.168.2.89/test
> use geo_db
switched to db geo_db
> db.getUser("geoAdmin")
{
"_id" : "geo_db.geoAdmin",
"user" : "geoAdmin",
"db" : "geo_db",
"roles" : [
{
"role" : "read",
"db" : "geo_db"
},
{
"role" : "dbOwner",
"db" : "geo_db"
},
{
"role" : "readWrite",
"db" : "geo_db"
}
]
}
The following query works OK i.e. connecting to the remote server from my local mongo client:
mint:~ $ mongo 192.168.2.89:27017 -u geoAdmin -p secret --authenticationDatabase geo_db
MongoDB shell version: 3.0.0
connecting to: 192.168.2.89/test
> use geo_db
switched to db geo_db
> db.LAD_DEC_2013_GB_BFE.findOne({},{'properties.LAD13NM':1})
{
"_id" : ObjectId("54ffe2824f0787ec1293017f"),
"properties" : {
"LAD13NM" : "Hartlepool"
}
}
I then connect to the same remote host from a ReactiveMongo Play app on the same local client, with this URL in the app config file:
# ReactiveMongo
mongodb.uri = "mongodb://geoAdmin:secret#192.168.2.89:27017/geo_db"
But when my app tries to read from the same collection, I get a MongoDB "code = 13" error:
[DetailedDatabaseException: DatabaseException['not authorized for query on geo_db.LAD_DEC_2013_GB_BFE' (code = 13)]]
The app works fine if I connect to a local MongoDB which does not have authentication enabled.
Any ideas what might be going wrong here?
ReactiveMongo 0.11.7.play23 is supporting mongo 3.0 auth-protocols, but is still using the old as default.
With ReactiveMongo 0.11.7.play23 -plugin, you can make it authenticate with mongo 3.0, by adding "?authMode=scram-sha1" to the end of your mongodb.uri.
E.g.:
mongodb.uri = "mongodb://geoAdmin:secret#192.168.2.89:27017/geo_db?authMode=scram-sha1"
mongo 2.6 uses MONGODB-CR auth protocol and 3.0 uses MONGODB-SHA-1 by default
reactivemongo use MONGODB-CR auth protocol(not sure)
downgrade mongodb 3.0 auth mechanisms to MONGODB-CR
login mongo noauth
remove all user
update the version document for the authSchema.
ex.
db.getSiblingDB("admin").system.users.remove( {} )
db.getSiblingDB("admin").system.version.update(
{ _id: "authSchema" },
{ $set: { currentVersion: 3 } }
);
add authSource parameter to mongodb url
ex.
mongodb.uri = "mongodb://geoAdmin:secret#192.168.2.89:27017/geo_db?authSource=geo_db"
I have create an admin user for my mongo installation as follow:
> use admin
> db.addUser( { user: "test",
pwd: "password",
roles: [ "dbAdminAnyDatabse",
otherDBRoles:
{
"otherTestDB": [ "readWrite" ]
}]
} )
When I try to connect to "otherTestDB" using user: "test" and pwd: "password" with robomongo or java driver i get a wrong authentication error.
where mistake?
You have created a userid for the admin db, so to use that userid you have to connect to the admin db, not the otherTestDB. The otherDBRoles document controls access to other dbs while connected to the admin db as that user. So with the addUser as you have specified it the following command fails because the user is for the admin db, not for the otherTestDB:
$ mongo otherTestDB --username test --password password --eval 'printjson(db.c.findOne())'
connecting to: otherTestDB
Thu Feb 27 10:45:20.722 Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } at src/mongo/shell/db.js:228
whereas the following command, which connects to the admin db and then uses otherTestDB via getSiblingDB, succeeds:
$ mongo admin --username test --password password --eval 'printjson(db.getSiblingDB("otherTestDB").c.findOne())'
connecting to: admin
{ "_id" : ObjectId("530f5d904dbd43cfb46aab5b"), "hello" : "world" }
If you want a user that can authenticate when connecting to the otherTestDB with that userid and password, you will need to separately add such a user to the otherTestDB.
Does this help?