如何获得正确的mongodb身份验证 [英] how to get mongodb authentication right

问题描述

这让我发疯了...

我曾经做过一次这项工作，但是花了我一两天才把它弄对:一个不错的MongoDB数据库，里面有很多集合，可以通过Java客户端访问.一切都很好，只不过我忘了记下如何正确使用它.

I had this working once, but it took me a day or two to get it right: A nice MongoDB database, with a bunch of collections, accessible through a Java client. All was good, except that I forgot to takes note on how I got this to work right.

现在我需要添加第二个数据库.我根本无法获得正确的身份验证-我向管理数据库添加了新用户，但没有成功.我将用户添加到新的数据库本身，仍然没有成功.我什至尝试了这里介绍的解决方案: MongoDB 3.2身份验证失败 ...但是在那之后整个mongoDB被锁定，我的所有数据都丢失了.我必须卸载MongoDB，然后从头开始重新安装.

Now I needed to add a second database. I could not get the authentication right at all - I added a new user to the admin db, no success. I added the user to the new db itself, still no success. I even tried the solution presented here: MongoDB 3.2 authentication failed ... but after that the entire mongoDB was locked, and all my data was lost. I had to uninstall MongoDB, and reinstall it from scratch.

是否有一个简单的分步指南，如何设置带有新数据库的香草mongodb，以及如何使用用户名/密码通过Java(或任何其他远程客户端)进行连接的用户?我现在用谷歌搜索了两个小时，但还没有找到答案.

Is there a simple step by step guideline how to set up a vanilla mongodb with a new database, and a user that can connect via Java (or any other remote client), using username/password? I googled for two hours now, but I have not found an answer yet.

谢谢

Stefan

推荐答案

无论何时设置mongodb，都应创建一个角色为userAdminAnyDatabase的admin用户，即使mongod以--auth或不是.您可以通过以下命令创建此用户.

Whenever you setup mongodb, you should create a admin user with role userAdminAnyDatabase, and you will be able to create this user even mongod is started with --auth or not. you can create this user by below command.

use admin

db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

此后，如果未打开授权，则由runnig mongod使用--auth标志对其进行授权，或者在mongod.conf中打开授权并重新启动mongod服务器.

After this if authorization is not turned on, on it by runnig mongod with --auth flag, or turn on authorization in mongod.conf and restart mongod server.

然后使用管理员用户通过以下命令登录mongo shell

Then login to mongo shell by below command with the admin user

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

转到数据库，并创建一个具有readWrite权限的用户.

Go to the database, and create a user with readWrite permission.

use myapplication

db.createUser(
  {
    user: "myTester",
    pwd: "xyz123",
    roles: [ { role: "readWrite", db: "myapplication" }]
  }
)

现在，您可以使用myTester用户在myapplication数据库中进行读取/写入，并且每当创建一个新数据库时，请使用myUserAdmin用户启动mongo shell并为新数据库创建一个新用户.

Now you can use myTester user to read/write in myapplication database, and whenever you create a new database, start mongo shell with myUserAdmin user and create a new user for new database.

在mongodb中，您还可以创建一个用户，并为他授予所有数据库的所有权限，但是您不应该这样做.

In mongodb you can also create a single user, and give him all permissions for all database, but that you should not do.

如果您想进一步研究，可以查看以下链接. https://docs.mongodb.com/v3.2/tutorial/enable-身份验证/

If you want to research further you can check below link. https://docs.mongodb.com/v3.2/tutorial/enable-authentication/

当您意外锁定mongodb时，可以关闭mongod.conf文件的授权并访问您的数据.

这篇关于如何获得正确的mongodb身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！