Page History
...
| Excerpt | |||||||||
|---|---|---|---|---|---|---|---|---|---|
|
...
connectionsPerHost...
dropOnClear...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- noSql database provider for the 3.2 connector framework --> <noSQLConnectionProvider connectionsPerHost="10" sslEnabled="false" sslInvalidHostNameAllowed="false"> <namespace>myNamespace</namespace> <implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation> <dropOnClear>false</dropOnClear> <servers>mongodb-host:27017</servers> </noSQLConnecitonProvider> |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- noSql database provider for the 3.2 connector framework --> <noSQLConnectionProvider connectionsPerHost="10" sslEnabled="false" sslInvalidHostNameAllowed="false"> <implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation> <dropOnClear>false</dropOnClear> <servers>mongodb-host1:27017,mongodb-host2:27017,mongodb-host3:27017,mongodb-host4:27017</servers> </noSQLConnecitonProvider> |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- noSql database provider for the 3.2 connector framework --> <noSQLConnectionProvider connectionsPerHost="10" sslEnabled="false" sslInvalidHostNameAllowed="false"> <namespace>myNamespace</namespace> <implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation> <dropOnClear>false</dropOnClear> <servers>mongodb-host:27017</servers> <maxRetries>5</maxRetries> </noSQLConnecitonProvider> |
MongoDB Authentication
Aspire 3.2 .1 supports authenticating to MongoDB using X.509 or SCRAM. Based on the requirement will be necessary modify the settings.xml file.
SCRAM Authentication
Aspire 3.2.1 supports authenticating to MongoDB using SCRAM.
The Salted Challenge Response Authentication Mechanism (SCRAM) is a family of modern, password-based challenge–response authentication mechanisms providing authentication of a user to a server
To configure it, add the following to your settings.xml file:
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<!-- noSql database provider for the 3.0 connector framework -->
<noSQLConnectionProvider connectionsPerHost="10" sslEnabled="true" sslInvalidHostNameAllowed="false">
<implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation>
<dropOnClear>false</dropOnClear>
<servers>mongodb-host:27017</servers>
<authentication>
<scram>
<username>aspireUser</username>
<source>admin</source>
<password>encrypted:302B58140B6ED1FBEBDC33A9263EF742</password>
</scram>
</authentication>
</noSQLConnecitonProvider> |
MongoDB provider will verify the supplied user credentials against:
- Username -> User’s name (must be created in Mongo)
- Password -> User’s password, the system accepts passwords encrypted.
- Source -> Authentication database (usually “admin”)
For the correct Aspire behavior check that the user selected to authenticated have the roles:
- clusterAdmin: Provides the greatest cluster-management access. This role combines the privileges granted by the clusterManager, clusterMonitor, and hostManager roles. Additionally, the role provides the dropDatabase action.
- readWriteAnyDatabase: Provides the same read and write privileges as readWrite on all databases except local and config. readWriteAnyDatabase also provides the listDatabases privilege action on the cluster.
How to check the roles of a user, using mongo.exe:
| Code Block | ||||
|---|---|---|---|---|
| ||||
> use admin
> db.getUser("aspireAdmin");
{
"_id_": "admin.myUserAdmin",
"user": "myUserAdmin",
"db": "admin",
"roles": [
{
"role": "clusterAdmin",
"db"": "admin"
},
{
"role": "readWriteAnyDatabase",
"db": "admin"
}
]
}
> |
Enable Scram Authentication in MongoDB
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
> use admin
> db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [
{ role: "clusterAdmin", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
}
) |
4. Re-start the MongoDB
- Instance with access control.
$mongod.exe --auth –port 27017 - Re-start the MongoDB using configuration file. MongoDB configuration files use the YAML format. Adding security.authorization:enable
$ mongod --config /etc/mongod.conf
- Instance with access control.
...
| language | powershell |
|---|---|
| title | Configuration Example |
...
file
...
.
...
X.509 Authentication
Aspire 3.2 only supports authenticating to MongoDB using X.509.
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- noSql database provider for the 3.2 connector framework --> <noSQLConnectionProvider connectionsPerHost="10" sslEnabled="true" sslInvalidHostNameAllowed="false"> <implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation> <dropOnClear>false</dropOnClear> <servers>mongodb-host:27017</servers> <x509username>CN=user,OU=OrgUnit,O=myOrg</x509username> </noSQLConnecitonProvider> |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- noSql database provider for the 3.2 connector framework --> <noSQLConnectionProvider connectionsPerHost="10" sslEnabled="false" sslInvalidHostNameAllowed="false"> <implementation>com.searchtechnologies.aspire:aspire-mongodb-provider</implementation> <dropOnClear>false</dropOnClear> <servers>mongodb-host:27017</servers> <encryptFields> <field>_id</field> <!-- Encrypts all the IDs --> <field>url</field> <!-- Encrypts the url fields --> <field>fetchUrl</field> <field>parentId</field> </encryptFields> </noSQLConnecitonProvider> |
Overview
Content Tools