-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
1,675
-
(copied to CRM)
I had a support case with the following:
/apps/mongodb/sysmngdemeafrm1/downloads/mongodb-linux-x86_64-3.6.12-ent/bin/mongoimport --verbose --host=ldndsr000006502.intranet.barcapint.com:27118 --gssapiHostName=ldndsr000006502.intranet.barcapint.com --ssl --sslAllowInvalidHostnames --sslAllowInvalidCertificates -d DBInventory -c Paramdata --upsert --upsertFields MInstance --file=arbiter_data.txt
2019-05-20T13:10:36.089+0100 using upsert fields: [MInstance]
2019-05-20T13:10:36.089+0100 filesize: 808 bytes
2019-05-20T13:10:36.089+0100 using fields:
2019-05-20T13:10:36.101+0100 connected to: ldndsr000006502.intranet.barcapint.com:27118
2019-05-20T13:10:36.101+0100 ns: DBInventory.Paramdata
2019-05-20T13:10:36.104+0100 connected to node type: replset
2019-05-20T13:10:36.104+0100 using write concern: w='majority', j=false, fsync=false, wtimeout=0
2019-05-20T13:10:36.107+0100 using write concern: w='majority', j=false, fsync=false, wtimeout=0
2019-05-20T13:10:36.110+0100 error inserting documents: not authorized on DBInventory to execute command { update: "Paramdata", writeConcern: { getLastError: 1, w: "majority" }, ordered: true, $db: "DBInventory" }
2019
The solution was to add the missing --username parameter which in hindsight is obviously but which wasted some time.
Doesn't the -gssapiHostName flag enable auth on the call? Therefore, can we add a check for missing username and prompt with a warning message as mongoimport starts? Or at least once it fails with an "not authorized" error when no -username is specified?
I presume this will apply to most tools that support Kerberos auth, e.g. mongoimport, mongoexpert, mongo shell etc.