{"id":7772,"date":"2019-02-09T15:23:36","date_gmt":"2019-02-09T14:23:36","guid":{"rendered":"https:\/\/pi3g.com\/?p=7772"},"modified":"2019-02-09T15:23:36","modified_gmt":"2019-02-09T14:23:36","slug":"instructions-for-adding-a-user-to-a-mongo-database-for-mongo_orm","status":"publish","type":"post","link":"https:\/\/pi3g.com\/de\/instructions-for-adding-a-user-to-a-mongo-database-for-mongo_orm\/","title":{"rendered":"Anleitung zum Hinzuf\u00fcgen eines Benutzers zu einer Mongo-Datenbank f\u00fcr mongo_orm"},"content":{"rendered":"<p>You don\u2019t want your web application to access the database using your database admin user. Additionally you want it to access only <strong>one specific <\/strong>database \u2013 maybe you have additional databases running in your mongo instance. <\/p>\n<p>Prerequisites:<\/p>\n<p>mongo_orm expects the database configuration as environment variables or as a file config\/database.yml in your project.<\/p>\n<p>The config\/database.yml file looks like this:<\/p>\n<blockquote>\n<p>database_url: mongodb:\/\/janet:test@hostname:27017<br \/>\ndatabase_name: dbname<\/p>\n<\/blockquote>\n<p>and 27017 is the default port number of mongo \u2013 if you set it to something else, change it.<\/p>\n<p>user is \u201cjanet\u201d<\/p>\n<p>and password is \u201ctest\u201d in this example. <\/p>\n<h1>Creating a new user on the mongo instance, using the mongo console<\/h1>\n<p>Login to your mongo instance. Run the command mongo:<\/p>\n<blockquote>\n<p>mongo<\/p>\n<\/blockquote>\n<p>(I assume that your mongo instance binds to localhost, at the default port).<\/p>\n<p>This will give you the mongo console. <\/p>\n<p><strong>Important! you need to change to the admin database to authenticate!<\/strong><\/p>\n<blockquote>\n<p>use admin<\/p>\n<p>db.auth(\u201cadmin\u201d,\u201d&lt;adminpw&gt;\u201d)<\/p>\n<\/blockquote>\n<p>change &lt;adminpw&gt; to the admin password you set. Please ignore WordPress\u2019 stupid habit of changing the quotation marks. <strong>These are all supposed to be normal double quotation marks<\/strong>.<\/p>\n<p><font style=\"background-color: rgb(255, 255, 0);\">Important: Do <strong>not <\/strong>change the database to the target database to create the new user! Stay on the admin database!<\/font><\/p>\n<blockquote>\n<p>db.createUser(<\/p>\n<p>{<\/p>\n<p>user: \u201cjanet\u201d,<\/p>\n<p>pwd: \u201ctest\u201d,<\/p>\n<p>roles: [{ role: \u201creadWrite\u201d, db: \u201cdbname\u201d }],<\/p>\n<p>passwordDigestor: \u201cserver\u201d,<\/p>\n<p>mechanisms: [&#8220;SCRAM-SHA-1&#8243;,&#8221;SCRAM-SHA-256&#8221;]<\/p>\n<p>}<\/p>\n<p>)<\/p>\n<\/blockquote>\n<p><strong>Note: both mechanisms are required! If you just specify SCRAM-SHA-256<\/strong>, mongo orm will not be able to log in.<\/p>\n<p>passwordDigestor MUST be \u201cserver\u201d. It <strong>cannot <\/strong>be true. Please note, that there seems to be a difference between mongo console, and mongo API. (in the mongo API you would use digestPassword: true<\/p>\n<p>this will give the user janet, with the password test the readWrite role on dbname. <\/p>\n<p><a href=\"https:\/\/docs.mongodb.com\/manual\/reference\/built-in-roles\/\" target=\"_blank\">Read more about roles here<\/a>.<\/p>\n<h1>deleting a user<\/h1>\n<blockquote>\n<p>use admin<\/p>\n<p>db.dropUser(\u201cjanet\u201d)<\/p>\n<\/blockquote>\n<h1>Debugging<\/h1>\n<p><a href=\"https:\/\/github.com\/Studio3T\/robomongo\/issues\/1041\">https:\/\/github.com\/Studio3T\/robomongo\/issues\/1041<\/a> <\/p>\n<p>Robo T3 does not seem to be able to create users properly, use my console method above.<\/p>\n<p>(It is, however, capable of creating databases).<\/p>\n<p><a href=\"https:\/\/pi3g.com\/wp-content\/uploads\/2019\/02\/image-6.png\"><img loading=\"lazy\" decoding=\"async\" width=\"474\" height=\"262\" title=\"image\" style=\"display: inline; background-image: none;\" alt=\"image\" src=\"https:\/\/pi3g.com\/wp-content\/uploads\/2019\/02\/image_thumb-6.png\" border=\"0\"><\/a><\/p>\n<p>as the Dialogue says, you can\u2019t use digestPassword through Robo T3 or the Mongo Console. Use passwordDigestor: \u201cserver\u201d instead. In any case, Robo T3 does not seem to be able to create the users properly \u2013 use the console.<\/p>\n<p><\/p>\n<blockquote>\n<p>db.serverStatus()<\/p>\n<\/blockquote>\n<p>if this command gives you:<\/p>\n<p>&gt; db.serverStatus()<\/p>\n<p>{<\/p>\n<p>&#8220;ok&#8221; : 0,<\/p>\n<p>&#8220;errmsg&#8221; : &#8220;command serverStatus requires authentication&#8221;,<\/p>\n<p>&#8220;code&#8221; : 13,<\/p>\n<p>&#8220;codeName&#8221; : &#8220;Unauthorized&#8221;<\/p>\n<p>}<\/p>\n<p>Then you are not logged in \u2013 it will display a long list of information about your server when you are logged in.<\/p>\n<p><\/p>\n<h2>Too many users are authenticated<\/h2>\n<p>2019-02-09T13:53:09.972+0000 E QUERY [js] Error: couldn&#8217;t add user: too many users are authenticated<\/p>\n<p>_getErrorWithCode@src\/mongo\/shell\/utils.js:25:13<\/p>\n<p><a href=\"mailto:DB.prototype.createUser@src\/mongo\/shell\/db.js:1491:15\">DB.prototype.createUser@src\/mongo\/shell\/db.js:1491:15<\/a><\/p>\n<p><strong>If you start to authenticate as other users to test the login, this will happen. exit from the console, log in again, and authenticate just once as admin before creating new users.<\/strong><\/p>\n<p><\/p>\n<p><\/p>\n<h2>Authentication failed<\/h2>\n<p><b>Message: &#8216;Domain: 1, code: 11, Authentication failed.&#8217;<\/b><\/p>\n<p>You will get this error code from mongo orm if mongo orm can\u2019t authenticate. Resist the impulse to simply use the db as admin. Reread the information I have given here. Ensure that:<\/p>\n<ul>\n<li>you create the new user using the mongo console<\/li>\n<li>you have specified SCRAM-SHA-1<\/li>\n<li>the user has been created while being in the admin database (\u201c<strong>use admin<\/strong>\u201d !!)<\/li>\n<li>you have set the roles properly<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Sie m\u00f6chten nicht, dass Ihre Webanwendung \u00fcber Ihren Datenbankadministrator auf die Datenbank zugreift. Au\u00dferdem wollen Sie, dass sie nur auf eine bestimmte Datenbank zugreift - vielleicht haben Sie noch weitere Datenbanken in Ihrer Mongo-Instanz laufen. Voraussetzungen: mongo_orm erwartet die Datenbankkonfiguration als Umgebungsvariablen oder als Datei config\/database.yml in Ihrem Projekt. Die config\/database.yml...<\/p>","protected":false},"author":830,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[416],"tags":[409,538,534,533],"class_list":["post-7772","post","type-post","status-publish","format-standard","hentry","category-crystal-language","tag-crystal","tag-mongo-db","tag-mongo_orm","tag-sam0x17"],"_links":{"self":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/7772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/users\/830"}],"replies":[{"embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/comments?post=7772"}],"version-history":[{"count":1,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/7772\/revisions"}],"predecessor-version":[{"id":7773,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/7772\/revisions\/7773"}],"wp:attachment":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/media?parent=7772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/categories?post=7772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/tags?post=7772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}