如何获得正确的mongodb身份验证 [英] how to get mongodb authentication right
问题描述
这让我发疯了...
我曾经做过一次这项工作,但是花了我一两天才把它弄对:一个不错的MongoDB数据库,里面有很多集合,可以通过Java客户端访问.一切都很好,只不过我忘了记下如何正确使用它.
I had this working once, but it took me a day or two to get it right: A nice MongoDB database, with a bunch of collections, accessible through a Java client. All was good, except that I forgot to takes note on how I got this to work right.
现在我需要添加第二个数据库.我根本无法获得正确的身份验证-我向管理数据库添加了新用户,但没有成功.我将用户添加到新的数据库本身,仍然没有成功.我什至尝试了这里介绍的解决方案: MongoDB 3.2身份验证失败 ...但是在那之后整个mongoDB被锁定,我的所有数据都丢失了.我必须卸载MongoDB,然后从头开始重新安装.
Now I needed to add a second database. I could not get the authentication right at all - I added a new user to the admin db, no success. I added the user to the new db itself, still no success. I even tried the solution presented here: MongoDB 3.2 authentication failed ... but after that the entire mongoDB was locked, and all my data was lost. I had to uninstall MongoDB, and reinstall it from scratch.
是否有一个简单的分步指南,如何设置带有新数据库的香草mongodb,以及如何使用用户名/密码通过Java(或任何其他远程客户端)进行连接的用户?我现在用谷歌搜索了两个小时,但还没有找到答案.
Is there a simple step by step guideline how to set up a vanilla mongodb with a new database, and a user that can connect via Java (or any other remote client), using username/password? I googled for two hours now, but I have not found an answer yet.
谢谢
Stefan
推荐答案
无论何时设置mongodb,都应创建一个角色为userAdminAnyDatabase的admin用户,即使mongod以--auth或不是.您可以通过以下命令创建此用户.
Whenever you setup mongodb, you should create a admin user with role userAdminAnyDatabase, and you will be able to create this user even mongod is started with --auth or not. you can create this user by below command.
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
此后,如果未打开授权,则由runnig mongod使用--auth标志对其进行授权,或者在mongod.conf中打开授权并重新启动mongod服务器.
After this if authorization is not turned on, on it by runnig mongod with --auth flag, or turn on authorization in mongod.conf and restart mongod server.
然后使用管理员用户通过以下命令登录mongo shell
Then login to mongo shell by below command with the admin user
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
转到数据库,并创建一个具有readWrite权限的用户.
Go to the database, and create a user with readWrite permission.
use myapplication
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "myapplication" }]
}
)
现在,您可以使用myTester用户在myapplication数据库中进行读取/写入,并且每当创建一个新数据库时,请使用myUserAdmin用户启动mongo shell并为新数据库创建一个新用户.
Now you can use myTester user to read/write in myapplication database, and whenever you create a new database, start mongo shell with myUserAdmin user and create a new user for new database.
在mongodb中,您还可以创建一个用户,并为他授予所有数据库的所有权限,但是您不应该这样做.
In mongodb you can also create a single user, and give him all permissions for all database, but that you should not do.
如果您想进一步研究,可以查看以下链接. https://docs.mongodb.com/v3.2/tutorial/enable-身份验证/
If you want to research further you can check below link. https://docs.mongodb.com/v3.2/tutorial/enable-authentication/
当您意外锁定mongodb时,可以关闭mongod.conf文件的授权并访问您的数据.
这篇关于如何获得正确的mongodb身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!