Mongo Atlas: Connection authentication failed with custom databases - node.js

I am trying the Mongo Atlas Cloud. I create a cluster and i am trying a connection with the mongo shell: (same problem with mongo drivers)
mongo mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=****-Cluster-shard-0 --ssl --username ***** --password *****
this is the connection string in the documentation. And this is the error:
MongoDB shell version: 3.2.7
connecting to: mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=***-Cluster-shard-0
2016-07-07T01:31:17.535-0300 I NETWORK [thread1] Starting new replica set monitor for ***-Cluster-shard-0/***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017
2016-07-07T01:31:17.535-0300 I NETWORK [ReplicaSetMonitorWatcher] starting
2016-07-07T01:31:20.084-0300 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
I can connect to the database only when i use admin database "/admin?" in the connection string.
THE PROBLEM:
I need to connect to a custom database with the console or mongo drivers.
PD: i protect my data with "***"

You authenticate with the admin database. From there you can switch the database.
When connecting using Mongo drivers, your connection string needs add the auth source:
/any_database?authSource=admin&replicaSet=xyz

Adding to Nath's answer, use "--authenticationDatabase admin" if your connecting via the mongo shell and use "authSource=admin" for drivers.
Tested with [MongoDB shell version: 3.2.8]

"authSource=admin" Is a requirement for All Atlas connections.

I also faced the same issue. "admin" user would be created at the time of db creation. If you forgot the password for the default admin user, then it is difficult to connect with the database and access the collections.
You could create one more database user under "Security->Database Access" section and select "Atlas admin" as a role.
If your password contains any special character, then this would be encrypted internally. Hence, use this link (https://www.urlencoder.org/) to encrypt your password (plain text) and use the encrypted string to establish a connection.

Related

How to setup authentication on mongoDB on docker-compose with nodejs?

I want to setup basic authentication while connecting to the mongoDB database using my nodejs application.
Looked at the documentation for mongo image by specifying
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=pass
But this does not seem to work, when I use the connection string in nodejs (mongoose) as
mongodb://admin:pass#mongo:27017/myDatabase
I would just like to setup basic authentication to prevent any ransomware attacks like this :
Stackoverflow MongoDB Ransomware
MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are used to setup superuser account to manage overall databases.
You can connect as admin permission using this connection string
mongodb://<MONGO_INITDB_ROOT_USERNAME>:<MONGO_INITDB_ROOT_PASSWORD>#mongo:27017 and create a database myDatabase, after that you also have to create user with
a role to allow query database.
For example
> use myDatabase
> db.createUser({user: "user", pwd: "user", roles:["dbOwner"]})
Then you can connect with this string
mongodb://user:user#mongo:27017/myDatabase

AWS lambda getting 'unauthorized to perfrom action' when using MongoClient, works fine with mongoose, works fine when running command from shell

Here is the architecture:
I have a MongoDB running on an EC2. When I ssh to the EC2 and run mongo dbname -u username -p password I am able to perform insert into the collection so that should mean that the user has permission in dbname to perform insert on collection
On the other side I have an AWS lambda, VPC is configured. When using mongodb.MongoClient to connect I am authenticated and client.isConnected() returns true but db.collection().insertOne(...) raises an error saying that I'm not authorized to perform action insert on dbname.
The connection string used to connect contains the same username and password used to connect to mongo shell.
I tried using the same options for connection to mongodb, but used mongoose instead and it didn't raise any errors
what is the connection string used?
can you try to simulate what the lambda is doing locally? can you try connecting with local mongo client to your db using the same connection string that your lambda use?
are you connecting to the right db? is your user setup on your custom db or on the default admin db? are your update rights setup on the right db?

Db2 (Warehouse) on Cloud: How to use APIKEY or ACCESSTOKEN to connect from CLP?

I have an instance of Db2 on IBM Cloud. I would like to use my local CLP to connect to it. I set everything up to be able to connect using a username and password. Now, however, I would like to make use of either an APIKEY or ACCESSTOKEN as documented.
My attempts result in either
SQL30082N Security processing failed with reason "25" ("CONNECTION
DISALLOWED"). SQLSTATE=08001
or
SQL30082N Security processing failed with reason "24" ("USERNAME
AND/OR PASSWORD INVALID"). SQLSTATE=08001
I have successfully create an APIKEY and also was able to generate an access token using that API key. But what is needed to connect?
connect to clouddb ACCESSTOKEN "my long token here"
It was a matter of the right setup and correct steps:
IAM support only works with SSL connections
for SSL, I had to use the right port number (50001) and keywords (security ssl) when cataloging the node and database
my Db2 client required additional setup for GSKit and encryption key database
I wrote up a blog post with all the steps and a collection of error message on how to setup a Db2 client to authenticate using either API key or access token. Basically, it is to catalog the server:
db2 catalog tcpip node Db2oCfra remote db2host-fra02-xxx.services.eu-de.bluemix.net
server 50001 security ssl
Then catalog the database:
db2 catalog db bludb as fradb at node db2ocfra
Thereafter, connect:
db2 connect to fradb APIKEY myIBMCloudplatformApiKey
There might be additional steps in order to install GSKit and properly configure SSL support.

Nodejs, mongodb, authentication, on different server

Here is my situation:
I deploy my application on server A;
And I deployed my mongodb on server B;
the mongodb is secured by authentication. I know that I have to connect like:
mongo IP_ADDRESS/testDB -u username -p password --authenticationDatabase admin
So my problem is:
mongoClient = require("mongo").MongoClient;<br>
url = "mongodb://username:password#IP_ADDRESS:27017/testDB"
when I am using to the username has the role of root, and with this URL, I can only access the database of admin, no more others.
anyone help!
Your user exists only in admin db obviously, so you have to provide authsource to mongoClient.connect. this is not connecting database, only for authentication.
Example for your situation is:
mongoClient = require("mongo").MongoClient;
url = "mongodb://username:password#IP_ADDRESS:27017/testDB?authSource=admin
here is the documentation for url parameters. https://docs.mongodb.org/manual/reference/connection-string/#uri.authSource

How to connect Sybase from client tool for password Encrypted db

Our back end Sybase db password encryption is enabled and for this I am unable to connect the db using any client tool. here is the exception:
Error connecting to datasource "UAT"
SQL Error [1640] [S1000]: Adaptive Server requires encryption of the login password on the network.
SQL Error [4002] [S1000]: Login failed
SQL Error [4002] [S1000]: Login failed.
Adaptive Server requires encryption of the login password on the network.
From java/ property file I ma bale to connect using below properties
ENCRYPT_PASSWORD=true
JCE_PROVIDER_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider
Have you tried isql (the command line tool) to confirm if your connection details are correct?
The basic command would be:
isql -U username -S servername -X
This will help determine if it is something more fundamental that is causing the problem.

Resources