Instructions for adding a user to a mongo database for mongo_orm

You don’t want your web application to access the database using your database admin user. Additionally you want it to access only one specific database – maybe you have additional databases running in your mongo instance.

Prerequisites:

mongo_orm expects the database configuration as environment variables or as a file config/database.yml in your project.

The config/database.yml file looks like this:

database_url: mongodb://janet:test@hostname:27017
database_name: dbname

and 27017 is the default port number of mongo – if you set it to something else, change it.

user is “janet”

and password is “test” in this example.

Creating a new user on the mongo instance, using the mongo console

Login to your mongo instance. Run the command mongo:

mongo

(I assume that your mongo instance binds to localhost, at the default port).

This will give you the mongo console.

Important! you need to change to the admin database to authenticate!

use admin

db.auth(“admin”,”<adminpw>”)

change <adminpw> to the admin password you set. Please ignore WordPress’ stupid habit of changing the quotation marks. These are all supposed to be normal double quotation marks.

Important: Do not change the database to the target database to create the new user! Stay on the admin database!

db.createUser(

{

user: “janet”,

pwd: “test”,

roles: [{ role: “readWrite”, db: “dbname” }],

passwordDigestor: “server”,

mechanisms: [“SCRAM-SHA-1″,”SCRAM-SHA-256”]

}

)

Note: both mechanisms are required! If you just specify SCRAM-SHA-256, mongo orm will not be able to log in.

passwordDigestor MUST be “server”. It cannot be true. Please note, that there seems to be a difference between mongo console, and mongo API. (in the mongo API you would use digestPassword: true

this will give the user janet, with the password test the readWrite role on dbname.

Read more about roles here.

deleting a user

use admin

db.dropUser(“janet”)

Debugging

https://github.com/Studio3T/robomongo/issues/1041

Robo T3 does not seem to be able to create users properly, use my console method above.

(It is, however, capable of creating databases).

image

as the Dialogue says, you can’t use digestPassword through Robo T3 or the Mongo Console. Use passwordDigestor: “server” instead. In any case, Robo T3 does not seem to be able to create the users properly – use the console.

db.serverStatus()

if this command gives you:

> db.serverStatus()

{

“ok” : 0,

“errmsg” : “command serverStatus requires authentication”,

“code” : 13,

“codeName” : “Unauthorized”

}

Then you are not logged in – it will display a long list of information about your server when you are logged in.

Too many users are authenticated

2019-02-09T13:53:09.972+0000 E QUERY [js] Error: couldn’t add user: too many users are authenticated

_getErrorWithCode@src/mongo/shell/utils.js:25:13

DB.prototype.createUser@src/mongo/shell/db.js:1491:15

If you start to authenticate as other users to test the login, this will happen. exit from the console, log in again, and authenticate just once as admin before creating new users.

Authentication failed

Message: ‘Domain: 1, code: 11, Authentication failed.’

You will get this error code from mongo orm if mongo orm can’t authenticate. Resist the impulse to simply use the db as admin. Reread the information I have given here. Ensure that:

  • you create the new user using the mongo console
  • you have specified SCRAM-SHA-1
  • the user has been created while being in the admin database (“use admin” !!)
  • you have set the roles properly