I'm using mongodb on 64Bit and 32Bit Linux servers with same configuration, where the option auth=true is set in both config files.
While the 64Bit system required an authentication to run commands like show users or show collections, the 32Bit version gives you all the requested informations without running db.auth() before.
It looks like, the 32 Bit version ignores the auth=true option at the config file.
So: how can I enable auth for mongodb running on an 32Bit system?
The 32bit version should support authentication just fine. But it is possible that:
It uses a different configuration file (use: -f /etc/mongodb.conf as option when starting MongoDB) or you can specify --auth on the command line
Because the databases are empty and no user is setup at all, authentication is not required. As soon as you add a user, it will then require db.auth().
You don't have a user on the admin database defined. Without this, you can always connect on localhost.
The point is, that authentication is disabled because there is no db users added, only users for a specific database. Connecting to this database using localhost results in an "auth"-free environment. (see for this also the answer from #Derick which point to a possible reason.)
To come back to the question:
So: how can I enable auth for mongodb running on an 32Bit system?
The point is: the auth is active, but not for connects from localhost. To enable auth for connects from localhost, the following startup option is needed:
enableLocalhostAuthBypass=0
I finished this,the role is necessary
db.createUser(
{
user: "youloginname",
pwd: "123456",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Related
In a node.js cli app running on a windows machine, you can get the current local user using:
// method 1
const os = require('os')
console.log(os.userInfo())
// method 2
console.log(`${process.env.USERDOMAIN}\\${process.env.USERNAME}`)
Which outputs:
# METHOD 1
{
uid: -1,
gid: -1,
username: 'adam',
homedir: 'C:\\Users\\adam',
shell: null
}
# METHOD 2
MYPC\adam
However, in modern Windows OS (e.g. Windows 10, 11), many users opt to sign-in with a Microsoft account. Apparently, this means there are 2 mirrored accounts on the machine:
{USERDOMAIN}\{USERNAME} where USERDOMAIN could be the local machine name or the enterprise network domain name
MicrosoftAccount\{EmailAddress} where EmailAddress is the Microsoft account username
How can I retrieve the 2nd variant of the username in node.js?
IMHO, you can use the windows registry hive HCU, which maps to the current user hive and find the data you need somewhere in the hive, though I don't know the exact path.
Alternatively, you could try running some PS1 script/command that will get this information for you, but this method cannot be reliable, since this option (running ps1) may be disabled on some machines by the user.
And last but not least, you can always build a native Node.js extension, using C++ and access the native Windows API to do what you want :)
I am searching for some help in how to configure Azure PostgreSQL DB in a Docker Swarm based Gitlab instance.
Initially, I followed the documentation in https://docs.gitlab.com/13.6/ee/administration/postgresql/external.html. Yet I came to find out that the default provided user is in the form of username, whereas Azure requires it to be in the form of username#hostname. I tried passing the username in the gitlab.rb file (gitlab_rails['db_username'] = 'username#hostname') but it still failed, even after replacing the # with the %40 as URI encoded.
After some extensive searching, I found this documentation - https://docs.gitlab.com/13.6/ee/administration/environment_variables.html, which suggests using the DATABASE_URL environment variable to set the full connection string in the form postgresql://username:password#hostname:port/dbname, which I did and it did solve the issue for Gitlab itself communicating with Azure PostgreSQL (in this case I replaced the username with username%40hostname, according to Azure requirements).
Allas, the success was short lived since then I came to find out that neither Puma and Sidekiq can connect to the database, always throwing the following error:
==> /var/log/gitlab/sidekiq/current <==
could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"?
After some searching, I found that gitlab-ctl is generating the following file when starting the Gitlab instance:
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production:
adapter: postgresql
encoding: unicode
collation:
database: <database>
username: "<username>"
password:
host: "/var/opt/gitlab/postgresql"
port: 5432
socket:
sslmode:
sslcompression: 0
sslrootcert:
sslca:
load_balancing: {"hosts":[]}
prepared_statements: false
statement_limit: 1000
connect_timeout:
variables:
statement_timeout:
(database and username where removed)
Pretty much it ignores the DATABASE_URL env variable and assumes the now non-existing configuration parameters in gitlab.rb.
So, right now, I'm a bit out of options and was wondering if anyone has had a similar issue and, if so, how where you able to overcome this.
Any help is appreciated.
Thanks in advance.
TL/DR: Pass the username#hostname string directly into the gitlab_rails['db_username'] in double quotes. The documentation for connecting to an Azure PostgreSQL in the official Gitlab page is not correct.
So, after some searching and going deep into the Gitlab configuration, I came to find out that the issue is very specific and related with the usage of docker secrets.
In my gitlab.rb configuration file, in the database configuration part, I'm using the following:
### GitLab database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
###! **Only needed if you use an external database.**
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "unicode"
gitlab_rails['db_database'] = File.read('/run/secrets/postgresql_database')
gitlab_rails['db_username'] = File.read('/run/secrets/postgresql_user')
gitlab_rails['db_password'] = File.read('/run/secrets/postgresql_password')
gitlab_rails['db_host'] = File.read('/run/secrets/postgresql_host')
gitlab_rails['db_port'] = File.read('/run/secrets/postgresql_port')
gitlab_rails['db_sslmode'] = 'require'
Now, this exact configuration was used previously for testing purposes and worked (but without the usage of Azure PostgreSQL database). And I'm passing the correct secrets to docker and I've confirmed that the secrets in fact, do exist.
(Sidenote: Also, I've established that Gitlab uses the method ActiveRecord::Base.establish_connection from the Ruby ActiveRecord::Base library in order to connect to the database)
Yet, when using the username#hostname configuration for the user and passing that into the postgresql_user secret, suddenly the ActiveRecord::Base.establish_connection method assumes that the #hostname is the actual hostname to where I want to connect to. And I've confirmed that the secret is being generated correctly inside the docker container
Now, it gets even stranger because if I pass the username#hostname string directly to the gitlab.rb file - gitlab_rails['db_username'] parameter - in double quotes, it suddenly starts connecting without complaining.
So, in short, if using an Azure PostgreSQL database for a dockerized Gitlab instance and using secrets to pass the configuration to the gitlab.rb file, don't pass the username#hostame through a secret, but put it directly in the gitlab.rb file.
I don't know if this is a specific issue of Ruby or of Gitlab (I'm not a Ruby developer), but I did try converting the File.read output to a String, to a symbol, used the File.open('filepath', &:readline) and other shenanigans, but nothing worked. So, if anyone out there would care to add their reason for this, please feel free to do so.
Also, the tutorial provided by Azure - https://learn.microsoft.com/pt-pt/azure/postgresql/connect-ruby - doesn't work with Gitlab, since it complains about the %40.
Hope this can help anyone out there.
I have a Node JS program, which uses Mongo DB as my dbs. Now... everyone can access the mongo shell with no issues at all.
Is this how it is meant to be? I want to keep the mongo shell away from anyone else, i.e. you have to authenticate before using the shell.The reason being is that I dont want people deleting tables in the database, and insert/ modifying documents through the console.
Is there a way to do this? I had a look at https://docs.mongodb.com/manual/security/ However I am not sure how to implement this to my Node Js program (keeping the password a secret).
Any help would be appreciated. Thanks
A few solutions :
Restrict access to your db to only the required IP addresses. If your app and database are on the same machine, that would be 127.0.0.1 only + maybe your PC so you can run queries in a GUI.
enforce authentication as in this link, with a strong password.
To keep the password 'secret' in your Node program, which I understand as "not hardcoded", make it an env variable and give it to node at runtime, or write it in a file that doesn't live in your repo (.gitignore works too).
With a valid user/password, here's how to authenticate to mongodb using Node :
A mongodb address has 7 components :
protocol:"mongodb://",
host:"localhost",
user: "user",
password : "password",
options: "?authMechanism=MONGODB-CR",
port:"27017",
db:"db_name"
Which all together give a string like :
mongodb://user:password#localhost:27017/db_name?authMechanism=MONGODB-CR,
That should be enough for Node to connect using the native Mongo driver.
And to authenticate in the shell :
use db_name
db.auth("user", "password" )
or, directly on connection :
mongo -u "user" -p "password" --authenticationDatabase "db_name"
I've mostly worked with PHP/MySQL but I've now been handed a Node.js/MongoDB project on Github.
Having gone through a Mongo tutorial, I feel I understand the concept to a reasonable extent now, but I am still unsure how to do the most basic thing - view the Mongo database associated with the project.
In the config file, I found the following:
module.exports = {
database: {
url: 'localhost:27017/app_name'
},
But seeing how I'm on a remote machine, how do I reach the database? Do I need to ask the previous dev for the DB so I can set it up locally?
Searching the code for the word mongo it only appears in packages.json so that's not a lot of help.
localhost:27017
means the DB is in the local machine in which your are developing your app.
In your case, you have MONGO DB installed in your local machine and run the project.
Otherwise if you have a centralized DB then you have to configure that IP here as follows:
Also configure your mongodb.config of your remote DB to accept the connection from your local machine by changing the "BIND IP"
module.exports = {
database: {
url: 'yourRemoteIP:27017/app_name'
},
Use a GUI tool, i would recommend MongoChef. All you need to do is when you start the server, just open this GUI and connect to DB. GAME ON!! You will be able to see your collections and you are ready to go. You can also run mongo query direct on the shell. It is a helpful tool for playing with your local DB.
PS I am considering you want to see your local DB.
You can access your DB through terminal as well, all upto you.
I have a need to write a .NET application which will query Active Directory while running in Windows PE on a computer which is not yet a member of the domain.
We are running this during a Microsoft Deployment Toolkit task sequence (note that MDT 2012 has been configured to load support for .NET into the WinPE environment - the .NET application is starting without any problems).
I am using the code below to bind to the domain:
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
I have tried a path both of the form:
LDAP://domainServer/dc=domain,dc=name
And also without a domain controller name as
LDAP://dc=domain,dc=name
I have also tried using a username both of the form domain\username and also just username.
The DirectoryEntry object seems to be constructed okay, but when I try to execute Console.Writeline(entry.Name) to confirm a valid connection has been made, I get the following exception:
System.Runtime.InteropServices.COMException (0x80005000): Unknown
error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_Name()
I have tried other variations on this code, trying to execute LDAP queries with various filters, trying to rewrite it in VBScript, etc... but the code posted above is the simplest example I could come up with which reproduces the problem.
From what I have read, in a scenario like this you would always need to use AuthenticationTypes.ServerBind and that is why I am trying to specify the code within the ADSI LDAP path. But what is wrong with the code above? To me, it looks like it is passing all needed information in the parameters to the DirectoryEntry constructor.
There is a way to get it work, but it's not supported by Microsoft. This post helped me a lot. It works, tested and approved for a deployment of new computers :)
Get the ADSIxXX.inf from the zip file to C:\ADSI
Copy the following files from a Windows/System32 to C:\ADSI. Carefull of Architecture
x86 x64 -
adsldp.dll
adsmsext.dll
adsnt.dll
mscoree.dll
mscorier.dll
mscories.dll
Mount the bootimage.wim
No need to load Package (Your WinPE is already configured to load .NET API), juste add ADSI driver:
Dism /Image:C:\Mount /Add-Driver /Driver:C:\ADSI\ADSIxXX.inf /forceunsigned
No need to load his script
Unmount the bootimage.wim
Then it's done, if your .NET application is well implement ;)
I'm not sur the PIPE | is supported as an argument too, just set to AuthenticationTypes.Secure -
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
Link: http://www.deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx#AddComment