[CSHARP-1989] C# Driver Connection to MOngoDB Using Kerberos Authentication Created: 29/May/17  Updated: 27/Oct/23  Resolved: 30/May/17

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Minor - P4
Reporter: Varun Bhola Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: question
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows



 Description   

Hello,

I am trying to connect from my client application to a replicate set in MongoDB which is setup using Kerberos connection. My connection string is something like below:

mongodb://[user_name]%40[DO:[password]@HOST1:27017,HOST2:27017,HOST3:27017/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:Mongo27017/?writePreference=HOST1:27017

I am getting the error message : Unable to connect using sasl protocol mechanism GSSAPI.

We are using Enterprise version of MongoDB. From MongoShelll, I am able to connect successfully. I am using 2.4.3 C# driver for MongDB. Please assist.

Thanks,
Varun



 Comments   
Comment by Varun Bhola [ 30/May/17 ]

Hi Craig,

I figured out the issue. I was trying to use a couple of options within the connection string and was using '/?' to separate them. I could not find any example in the documentation which was using replica set connection as well as Kerberos authentication with a different SERVICE_NAME in the same connection string.

My working connection string is as follows:
"mongodb://[user_name]%40[DOMAIN.COM]:[PASSWORD]@HOST1,HOST2/?replicaSet=[REPLICASET_NAME]&authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:Mongo27017"

Thanks for looking into it.
Regards,
Varun

Comment by Craig Wilson [ 29/May/17 ]

Hi Varun,

Your connection string looks a little odd; particularly, the SERVICE_NAME. Was the SPN your ops guys created "Mongo27017"? What is likely happening here is that the service name getting used is something more like "Mongo27017/?writePReference=HOST1:27017". I highly doubt that is your intent. Also, "write preference" isn't a valid connection string parameter.

Can you show us how you are successfully connecting from the shell so we can compare?

Craig

Generated at Wed Feb 07 21:41:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.