Mongodb3.2.9开启用户权限认证问题的步骤详解
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Mongodb3.2.9开启⽤户权限认证问题的步骤详解
前⾔
⼤家在Mongodb安装好后,⼀般不需要⽤户名密码就可以直接使⽤,开发者认为只要使⽤环境⾜够安全,可以不使⽤认证,但是在实际使⽤中为了数据的安全,⼤多⼈还是选择了开启权限认证。
⼀、在⽼版的Mongodb(⼤概3.0以前)可以这样开启认证:
1、Linux环境下mongo shell⽅式认证:
>show dbs
##看到有如下数据
admin (empty)
comment 0.203125GB
dbtest (empty)
foo 0.203125GB
local (empty)
test 0.203125GB
>use admin
switched to db admin
> db.addUser('admin','12345678') ##添加⽤户
Mon Nov 5 23:40:00 [FileAllocator] allocating new datafile /data/db/admin.ns, filling with zeroes...
{
"user" : "admin",
"readOnly" : false,
"pwd" : "89e41c6c28d88d42c21fe501d82969ea",
"_id" : ObjectId("5097ddd00342c63efff3fbfb")
}
##之后运⾏
>showdbs
Mon Nov 5 23:45:13 uncaught exception: listDatabases failed:{ "errmsg" : "need to login", "ok" : 0 } ##提⽰需要登录
添加--auth 启动
./mongod -auth
./mongo
>use admin
switched to db admin
> db.auth('admin','12345678') ##⽤添加的账户密码查看
Mon Nov 5 23:49:32 [conn56] authenticate db: admin { authenticate: 1, nonce: "304f5242601fafa4", user: "admin", key: "58260df384b1146466efca5c90a5ff05" }
1
#1 说明登录成功
> show dbs
admin 0.203125GB
comment 0.203125GB
dbtest (empty)
foo 0.203125GB
local (empty)
test 0.203125GB
> use admin
switched to db admin
> show collections;
system.indexes
ers
> ers.find() ##查找数据
{ "_id" : ObjectId("5097ddd00342c63efff3fbfb"), "user" : "admin", "readOnly" : false, "pwd" : "89e41c6c28d88d42c21fe501d82969ea" }
2、php代码连接认证:
<?php
##1 使⽤超级⽤户连接mongodb
/*mongodb连接*/
$m = new Mongo("mongodb://admin:12345678@192.168.138.35:27017");
/*选择melon数据库*/
$db = $m->melon;
/*集合*/
$collection = melonco;
/*选择数据库⾥⾯的集合,相当于表*/
$collection = $db->$collection;
$array = array('name'=>'melon','age'=>'24','sex'=>'Male','birth'=>array('year'=>'1988','month'=>'07','day'=>'13'));
$collection->insert($array);
$cursor = $collection->find();
foreach ($cursor as $id => $value) {
echo "$id: "; var_dump($value); echo "<br>";
}
###2 使⽤数据库⽤户
/*mongodb连接*/
$m = new Mongo("192.168.138.35:27017");
/*选择comment*/
$db = $m->melon;
/*连接数据库*/
$db->authenticate("melon", "melon");
/*选择t数据库⾥⾯集合,相当于表*/
$collection = $db->melonco;
$array = array('name'=>'melon_son','age'=>'0','sex'=>'Male','birth'=>array('year'=>'201X','month'=>'07','day'=>'13'));
$collection->insert($array);
$cursor = $collection->find();
foreach ($cursor as $id => $value) {
echo "$id: "; var_dump($value); echo "<br>";
}
⼆、在3.0版之后的Mongodb,shell中依旧可以使⽤上述⽅法验证,但是php认证⼀直失败,⽇志中会报错(Failed to authenticate myuser@userdb with mechanism MONGODB-CR: AuthenticationFailed MONGODB-CR
credentials missing in the user document),原来新版的mongodb加⼊了SCRAM-SHA-1校验⽅式,需要第三⽅⼯具配合进⾏验证。
下⾯给出具体解决办法:
⾸先关闭认证,修改system.version⽂档⾥⾯的authSchema版本为3,初始安装时候应该是5,命令⾏如下:
> use admin
switched to db admin
> var schema = db.system.version.findOne({"_id" : "authSchema"})
> schema.currentVersion = 3
3
> db.system.version.save(schema)
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
不过如果你现在开启认证,仍然会提⽰AuthenticationFailed MONGODB-CR credentials missing in the user document
原因是原来创建的⽤户已经使⽤了SCRAM-SHA-1认证⽅式
> use admin
> db.auth('root','123456')
> ers.find()
{ "_id" : "admin.root", "user" : "root", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "XoI5LXvuqvxhlmuY6qkJIw==", "storedKey" : "VAT7ZVMw2kFDepQQ6/E0ZGA5UgM=", "serverKey" : "TebHOXdmY6IHzEE1rW1Onwowu { "_id" : "mydb.test", "user" : "test", "db" : "mydb", "credentials" : { "MONGODB-CR" : "c8ef9e7ab00406e84cfa807ec082f59e" }, "roles" : [ { "role" : "readWrite", "db" : "mydb" } ] }
解决⽅式就是删除刚刚创建的⽤户,重新重建即可:
> ers.remove({user:"test"});
> use mydb
>db.createUser({user:'test',pwd:'123456',roles:[{role:'readWrite',db:'mydb'}]})
然后开启认证,重启服务器,⽤php连接,⼀切OK
<?php
#1 使⽤数据库⽤户认证连接mongodb
/*mongodb连接*/
$m = new Mongo("mongodb://test:12345678@localhost:27017/mydb");
/*选择melon数据库*/
$db = $m->mydb;
/*选择数据库⾥⾯的集合stu,相当于表*/
$collection = $db->stu;
$array = array('name'=>'melon','age'=>'24','sex'=>'Male','birth'=>array('year'=>'1988','month'=>'07','day'=>'13'));
$collection->insert($array);
$cursor = $collection->find();
foreach ($cursor as $id => $value) {
echo "$id: "; var_dump($value); echo "<br>";
}
总结
以上就是这篇⽂章的全部内容了,希望本⽂的内容对⼤家的学习或者⼯作能带来⼀定的帮助,如果有疑问⼤家可以留⾔交流,谢谢⼤家对的⽀持。