[SERVER-12893] Creating a user requires auth schema upgrade when no old schema was defined Created: 25/Feb/14  Updated: 10/Dec/14  Resolved: 26/Feb/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.0-rc0
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Tyler Brock Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Steps To Reproduce:

All of these were run on the vagrant ldap vm:

mongodb/bin/mongod --conf shard.conf
mongodb/bin/mongod --conf config.conf
mongodb/bin/mongos --conf mongos.conf

shard.conf

dbpath=./shard
logpath=./shard.log
fork=true
auth=true
port=3000
nojournal=true
keyFile=keyfile
logappend=true
setParameter=saslauthdPath=/var/run/saslauthd/mux
setParameter=authenticationMechanisms=PLAIN,MONGODB-CR

config.conf

dbpath=./config
logpath=./config.log
fork=true
auth=true
nojournal=true
logappend=true
port=3001
keyFile=keyfile
setParameter=saslauthdPath=/var/run/saslauthd/mux
setParameter=authenticationMechanisms=PLAIN,MONGODB-CR

mongos.conf

logpath=./mongos.log
logappend=true
fork=true
configdb=localhost:3001
setParameter=saslauthdPath=/var/run/saslauthd/mux
setParameter=authenticationMechanisms=PLAIN,MONGODB-CR
keyFile=keyfile
port=3002

Participants:

 Description   

I setup a 2.6.0-rc0 cluster as defined below, no older binaries were ever used. When I create a user it complains that there is an old auth schema but how could that be if I never had any old users, its a brand new database, config server, shards, etc and this is 2.6.0-rc0? After I run the upgrade schema step it works fine but the usability of this is not great.

mongos> use whatever
mongos> db.createUser({
  user: "tbrock",
  pwd: "sekret",
  roles: [ {role: "readWrite", db: "whatever" } ]
})
2014-02-25T20:37:18.315+0000 Error: couldn't add user: User and role management commands require auth data to have schema version 3 but found 1 at src/mongo/shell/db.js:1007



 Comments   
Comment by Tyler Brock [ 26/Feb/14 ]

I just realized that the command we use to setup the ldap user during the test inserts directly into admin.system.users with the old schema:

db.system.users.insert({
  "roles" : [ "dbAdminAnyDatabase", "userAdminAnyDatabase", 
              "clusterAdmin", "readWriteAnyDatabase" ],
  "userSource":"$external", 
  "user" : "dbadmin"
})

Comment by Spencer Brody (Inactive) [ 26/Feb/14 ]

That's... odd. Can you attach the output of:

use admin;
db.system.users.find();
db.system.version.find();
db.adminCommand({getParameter: 1, authSchemaVersion: 1});

on a clean system where you're seeing this problem?

Generated at Thu Feb 08 03:29:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.