Of Stack

Mongodb 3.2.9 Detailed steps to start user authorization problem

  • 2020-06-19 11:59:51
  • OfStack

preface

After Mongodb is installed, users can directly use it without user name and password. Developers think that as long as the environment is secure enough, authentication can be avoided. However, in actual use, most people still choose to enable authorization for data security.

1. In the old Mongodb (before about 3.0), authentication can be enabled like this:

1. mongo shell Certification under Linux environment: 


>show dbs 
## See the following data  
admin (empty) 
comment 0.203125GB 
dbtest (empty) 
foo 0.203125GB 
local (empty) 
test 0.203125GB 
>use admin 
switched to db admin 
> db.addUser('admin','12345678') ## Add user  
Mon Nov 5 23:40:00 [FileAllocator] allocating new datafile /data/db/admin.ns, filling with zeroes... 
{ 
 "user" : "admin", 
 "readOnly" : false, 
 "pwd" : "89e41c6c28d88d42c21fe501d82969ea", 
 "_id" : ObjectId("5097ddd00342c63efff3fbfb") 
} 
## Run after  
>showdbs 
Mon Nov 5 23:45:13 uncaught exception: listDatabases failed:{ "errmsg" : "need to login", "ok" : 0 } ## Prompt for login  
 
 add --auth  Start the  
./mongod -auth 
./mongo 
 
>use admin 
switched to db admin 
> db.auth('admin','12345678') ## View with the added account password  
Mon Nov 5 23:49:32 [conn56] authenticate db: admin { authenticate: 1, nonce: "304f5242601fafa4", user: "admin", key: "58260df384b1146466efca5c90a5ff05" } 
1 
#1  Indicating successful login  
> show dbs 
admin 0.203125GB 
comment 0.203125GB 
dbtest (empty) 
foo 0.203125GB 
local (empty) 
test 0.203125GB 
> use admin 
switched to db admin 
> show collections; 
system.indexes 
system.users 
> db.system.users.find() ## To find the data  
{ "_id" : ObjectId("5097ddd00342c63efff3fbfb"), "user" : "admin", "readOnly" : false, "pwd" : "89e41c6c28d88d42c21fe501d82969ea" }

2. php code connection Authentication: 


<?php 
##1  Use a superuser connection mongodb 
/*mongodb The connection */ 
$m = new Mongo("mongodb://admin:12345678@192.168.138.35:27017"); 
/* choose melon The database */ 
$db = $m->melon; 
/* A collection of */ 
$collection = melonco; 
/* Select a collection in the database that corresponds to a table */ 
$collection = $db->$collection; 
$array = array('name'=>'melon','age'=>'24','sex'=>'Male','birth'=>array('year'=>'1988','month'=>'07','day'=>'13')); 
$collection->insert($array); 
$cursor = $collection->find(); 
foreach ($cursor as $id => $value) { 
 echo "$id: "; var_dump($value); echo "<br>";  
} 
 
 
###2  Using database users  
/*mongodb The connection */ 
$m = new Mongo("192.168.138.35:27017"); 
/* choose comment*/ 
$db = $m->melon; 
/* Connect to database */ 
$db->authenticate("melon", "melon"); 
/* choose t A collection in a database is equivalent to a table */ 
$collection = $db->melonco; 
$array = array('name'=>'melon_son','age'=>'0','sex'=>'Male','birth'=>array('year'=>'201X','month'=>'07','day'=>'13')); 
$collection->insert($array); 
$cursor = $collection->find(); 
 
foreach ($cursor as $id => $value) { 
 echo "$id: "; var_dump($value); echo "<br>";  
}

2. In Mongodb and shell after version 3.0, the above method can still be used for verification, but php authentication 1 fails, and an error will be reported in the log ( Failed to authenticate myuser@userdb with mechanism MONGODB-CR: AuthenticationFailed MONGODB-CR credentials missing in the user document ), the original version of mongodb added es28EN-SHA-1 calibration mode, and the third tool is needed for verification.

Specific solutions are given below:

First, turn off authentication and change system. version document to authSchema version 3. The initial installation should be 5. The command line is as follows: 


> use admin 
switched to db admin 
> var schema = db.system.version.findOne({"_id" : "authSchema"}) 
> schema.currentVersion = 3 
3 
> db.system.version.save(schema) 
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })

But if you turn on authentication now, it will still prompt you AuthenticationFailed MONGODB-CR credentials missing in the user document

The reason is that the original user created has used SCRAM-ES48en-1 authentication 


> use admin 
> db.auth('root','123456')
> db.system.users.find()
{ "_id" : "admin.root", "user" : "root", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "XoI5LXvuqvxhlmuY6qkJIw==", "storedKey" : "VAT7ZVMw2kFDepQQ6/E0ZGA5UgM=", "serverKey" : "TebHOXdmY6IHzEE1rW1Onwowuy8=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
{ "_id" : "mydb.test", "user" : "test", "db" : "mydb", "credentials" : { "MONGODB-CR" : "c8ef9e7ab00406e84cfa807ec082f59e" }, "roles" : [ { "role" : "readWrite", "db" : "mydb" } ] }

The solution is to delete the newly created user and rebuild it: 


> db.system.users.remove({user:"test"});
> use mydb 
>db.createUser({user:'test',pwd:'123456',roles:[{role:'readWrite',db:'mydb'}]})

Then enable authentication, restart the server, connect with php, 1 cut OK 


<?php 
#1  Use the database user to authenticate the connection mongodb 
/*mongodb The connection */ 
$m = new Mongo("mongodb://test:12345678@localhost:27017/mydb"); 
/* choose melon The database */ 
$db = $m->mydb; 
/* Select the collection in the database stu , equivalent to table */ 
$collection = $db->stu; 
$array = array('name'=>'melon','age'=>'24','sex'=>'Male','birth'=>array('year'=>'1988','month'=>'07','day'=>'13')); 
$collection->insert($array); 
$cursor = $collection->find(); 
foreach ($cursor as $id => $value) { 
 echo "$id: "; var_dump($value); echo "<br>";  
}

conclusion

Related articles: