3

I have a MongoDB server where I have enabled authentication and created users with DB-specific permissions. The user for this app is defined as shown below i.e. geoAdmin has read, readWrite and dbOwner permissions for the relevant database:

MongoDB shell version: 3.0.0
connecting to: 192.168.2.89/test
> use geo_db
switched to db geo_db
> db.getUser("geoAdmin")
{
    "_id" : "geo_db.geoAdmin",
    "user" : "geoAdmin",
    "db" : "geo_db",
    "roles" : [
        {
            "role" : "read",
            "db" : "geo_db"
        },
        {
            "role" : "dbOwner",
            "db" : "geo_db"
        },
        {
            "role" : "readWrite",
            "db" : "geo_db"
        }
    ]
}

The following query works OK i.e. connecting to the remote server from my local mongo client:

mint:~ $ mongo 192.168.2.89:27017 -u geoAdmin -p secret --authenticationDatabase geo_db
MongoDB shell version: 3.0.0
connecting to: 192.168.2.89/test
> use geo_db
switched to db geo_db
>  db.LAD_DEC_2013_GB_BFE.findOne({},{'properties.LAD13NM':1})
{
    "_id" : ObjectId("54ffe2824f0787ec1293017f"),
    "properties" : {
        "LAD13NM" : "Hartlepool"
    }
}

I then connect to the same remote host from a ReactiveMongo Play app on the same local client, with this URL in the app config file:

# ReactiveMongo
mongodb.uri = "mongodb://geoAdmin:secret@192.168.2.89:27017/geo_db"

But when my app tries to read from the same collection, I get a MongoDB "code = 13" error:

[DetailedDatabaseException: DatabaseException['not authorized for query on geo_db.LAD_DEC_2013_GB_BFE' (code = 13)]]

The app works fine if I connect to a local MongoDB which does not have authentication enabled.

Any ideas what might be going wrong here?

Chris Webster
  • 918
  • 8
  • 20
  • 1
    It looks like the latest release of ReactiveMongo that is available at the moment (0.10, Dec-2013) pre-dates MongoDB 3.0. I suspect that means it does not yet have support for the new [SCRAM-SHA-1](http://docs.mongodb.org/manual/release-notes/3.0-scram/) default authentication or for listing collections in WiredTiger. It looks like WiredTiger support has been committed to [master](https://github.com/ReactiveMongo/ReactiveMongo/commits/master) but on quick skim I don't see any mention of 3.0-compatible authentication. – Stennie Apr 22 '15 at 10:08
  • 1
    There's a possible workaround of using the older MONGODB-CR authentication in MongoDB 3.0 (although a better fix would be to update the driver). For an example of how to downgrade authSchema to test if this is indeed the problem, see this [discussion on the mongodb-user group](https://groups.google.com/d/msg/mongodb-user/4-nbyYch7bA/S3UHEfVgkesJ). – Stennie Apr 22 '15 at 10:10
  • Thanks for the extra info. I tried the authSchema thing but it doesn't seem to work for me. I guess I'll just have to live without authentication (this is just a demo app) until ReactiveMongo catches up. Or I could downgrade to MongoDB 2.8 of course. – Chris Webster Apr 22 '15 at 12:02
  • You can give a try to the snapshot mentionned on the [Google Group](https://groups.google.com/forum/?fromgroups#!topic/reactivemongo/gC5vLErbq8E). – cchantep Apr 22 '15 at 14:16
  • FYI, MongoDB 2.8 only existed as release candidates; the final release was [renamed to MongoDB 3.0](http://www.mongodb.com/blog/post/renaming-our-upcoming-release-mongodb-30). The production release series prior to Mongo 3.0.x is 2.6.x. – Stennie Apr 23 '15 at 02:22
  • @Stennie i am seeing the same issue. I tried on mongodb 2.6.8 but still getting the same error. Does reactivemongo work with auth enabled? – Kiran Raj May 29 '15 at 11:22

2 Answers2

2

ReactiveMongo 0.11.7.play23 is supporting mongo 3.0 auth-protocols, but is still using the old as default.

With ReactiveMongo 0.11.7.play23 -plugin, you can make it authenticate with mongo 3.0, by adding "?authMode=scram-sha1" to the end of your mongodb.uri. E.g.: 

mongodb.uri = "mongodb://geoAdmin:secret@192.168.2.89:27017/geo_db?authMode=scram-sha1"
RastacraZ
  • 63
  • 1
  • 9
1

mongo 2.6 uses MONGODB-CR auth protocol and 3.0 uses MONGODB-SHA-1 by default

reactivemongo use MONGODB-CR auth protocol(not sure)

downgrade mongodb 3.0 auth mechanisms to MONGODB-CR

  1. login mongo noauth
  2. remove all user
  3. update the version document for the authSchema.

ex.

db.getSiblingDB("admin").system.users.remove( {} )
db.getSiblingDB("admin").system.version.update(
   { _id: "authSchema" },
   { $set: { currentVersion: 3 } }
);

add authSource parameter to mongodb url ex.

mongodb.uri = "mongodb://geoAdmin:secret@192.168.2.89:27017/geo_db?authSource=geo_db"
Isman Usoh
  • 56
  • 1
  • 1
  • 5