Uploaded image for project: 'MongoDB ETL Tools'
  1. MongoDB ETL Tools
  2. TOOLS-1804

mongoexport does not work with x509 authentication

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: mongoexport
    • Labels:
      None
    • Environment:
      FreeBSD 11
    • Backport Requested:
      v3.2

      Description

      +*mongoexport fails with the following error.
      +*

      mongoexport --ssl --sslCAFile=/usr/local/share/certs/ca.pem --sslPEMKeyFile=/usr/local/share/certs/validcert.pem --authenticationMechanism=MONGODB-X509 --host hostname:27017 -d testdb -c testCol
      2017-10-04T15:44:19.228+0000    Failed: not authorized on testdb to execute command { count: "testCol", query: {} }
      

      *+Trying to login via mongo shell works fine
      +*

      # mongo --ssl --sslCAFile=/usr/local/share/certs/ca.pem --sslPEMKeyFile=/usr/local/share/certs/validcert.pem --authenticationMechanism=MONGODB-X509 --host hostname:27017
      MongoDB shell version: 3.2.13
      connecting to: hostname:27017/test
      validcert:PRIMARY> db.getSiblingDB("$external").auth(
      ...   {
      ...     mechanism: "MONGODB-X509",
      ...     user: "OU=UK Infrastructure MongoDB Client,O=GlobalSign,ST=London,C=GB,CN=MongoDB DB Counters User"
      ...   }
      ... )
      1
      validcert:PRIMARY> use counters
      switched to db counters
      validcert:PRIMARY> db.DB.findOne()
      {
              "_id" : ObjectId("59355wee02264c05ba422c0d"),
              "a" : "asdasdasd",
              "c" : "DB_test_stg",
              "o" : "iii",
              "p" : "DB",
              "v" : NumberLong(asdad)
      }
      

      *+This is the role privilege of the account
      +*

      {
                              "_id" : "$external.<credentials>",
                              "user" : "<credentials>",
                              "db" : "$external",
                              "roles" : [
                                      {
                                              "role" : "__system",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "read",
                                              "db" : "counters"
                                      },
                                      {
                                              "role" : "createIndexOntestCol",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "readWritetestCol",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "root",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "readAnyDatabase",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "listandCreateIndexOntestCol",
                                              "db" : "admin"
                                      }
                              ]
                      }
      

        Attachments

          Activity

            People

            • Assignee:
              mark.agarunov Mark Agarunov
              Reporter:
              weishan Wei Shan Ang
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: