MongoDB Authentication
MongoDB uses no authentication by default. To enable authentication, the following steps have to be executed:
-
Create a keyfile containing a basic key. A key’s length must be between 6 and 1024 characters and may only contain characters in the base64 set. The key file must not have group or world permissions on UNIX systems. Key file permissions are not checked on Windows systems.
openssl rand -base64741> mongodb-keyfilechown mongodb:mongodb mongodb-keyfilechmod600mongodb-keyfile
-
Edit /etc/mongod.conf and add a line
...security:keyFile: /path/to/mongodb-keyfile... -
Restart mongodb
-
Create a system administrator in mongod:
use admindb.createUser({user:"siteUserAdmin",pwd:"password",roles: [ { role:"userAdminAnyDatabase", db:"admin"} ]})exit -
Try to open a collection on apiomat database:
> mongo apiomatMongoDB shell version:2.6.7connecting to: apiomat> db.Customer.find()The error { "$err" : "not authorized for query on apiomat.Customer", "code" : 13 } must show up.
-
Login as admin:
mongo -u siteUserAdmin -p password --authenticationDatabase admin -
Create an ApiOmat user; root role is required to gain access to all created databases:
use admindb.createUser({user:"apiomat",pwd:"12345678",roles: ["root"]}) -
Set up the password in apiomat.yaml:
yambas:mongodb:userPassword:default:12345678#live:#staging:#test:For a replication setup, see https://docs.mongodb.org/v3.0/tutorial/enable-internal-authentication/
Possible problems:
-
If you start the tomcat and in the log the message "MongoFacade - Error ensure indexes, dbName apiomat ..." occurs, than in the mongodb-log you get the message "Failed to authenticate". To solve this problem, you have to delete all users and change the scheme from version 5 to 3.
mongouse admindb.system.users.remove({})db.system.version.remove({})db.system.version.insert({"_id":"authSchema","currentVersion": 3})Now you have to restart the mongodb and create a new user and go on with step 7.