[SERVER-7539] singleShard error in addUser Created: 02/Nov/12  Updated: 08/Mar/13  Resolved: 06/Jan/13

Status: Closed
Project: Core Server
Component/s: Security, Sharding
Affects Version/s: 2.0.7
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Anton V. Volokhov Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

Hi there!
I am trying to create a user with the same name after dropping the database. Physically, there is no users in this database on mongod on the other shard. As a result of the following command, user is created only on the one shard, and applications throws unauthorised exceptions.
mongos>db.addUser("app","xxx"){
"singleShard" : "mongodb-sh2/mongodb02d.load.net:27017,mongodb02f.load.net:27017,mongodb02g.load.net:27017",
"n" : 0,
"lastOp" : NumberLong("5806174783460605953"),
"connectionId" : 98514,
"err" : null,
"ok" : 1
}
{
"user" : "app",
"readOnly" : false,
"pwd" : "9a72265ed14a1f833604151e412894d4",
"_id" : ObjectId("5093ad34b969a220a604e226")
}



 Comments   
Comment by Spencer Brody (Inactive) [ 06/Jan/13 ]

Great, glad to hear you were able to get everything working.

Comment by Anton V. Volokhov [ 06/Jan/13 ]

No, fixed with recreating the user. Possibly, the problem was with the second shard, which was terribly lagging.

Comment by Spencer Brody (Inactive) [ 04/Jan/13 ]

Hi Anton,
Is this still causing you a problem? Does this happen every time you try to add a user to this database? When you query this database's system.users collection, do you see the user you tried to create showing up?

Comment by Anton V. Volokhov [ 02/Nov/12 ]

I'm using mongodb 2.0.7
I had an authentication with username "app" and password, say, "foo" for database "rating".
My apps worked with this credentials correctly.
Then I dropped this database, recreated and partitioned it.
Then I tried to add a user with the same login and password, and I saw mentioned output.
Ant at the same time my apps started to throw unauthorised exception.
When I add this user to another partitioned database I have a following output:

{ "user" : "app", "readOnly" : false, "pwd" : "9a72265ed14a1f833604151e412894d4", "_id" : ObjectId("5093ad34b969a220a604e226") }

without strange

{ "singleShard" : "mongodb-sh2/mongodb02d.load.net:27017,mongodb02f.load.net:27017,mongodb02g.load.net:27017", "n" : 0, "lastOp" : NumberLong("5806174783460605953"), "connectionId" : 98514, "err" : null, "ok" : 1 }
Comment by Spencer Brody (Inactive) [ 02/Nov/12 ]

Hi Anton,
I'm not sure I understand exactly what the problem is that you're seeing. When you add users to a database (other than admin or config) in a sharded system, the users get added on the primary shard for that database and not to the other shards. That is expected behavior.

Are you also having problems authenticating? You will need to run db.auth(<username>, <password>) on any new connection you make to a mongos running with security enabled. Did you get an error running db.auth? What version of mongodb are you using?

If you haven't already, I recommend reading through our documentation on our authentication system here and here.

Comment by Anton V. Volokhov [ 02/Nov/12 ]

a bit of logs from mongos

Fri Nov 2 15:23:38 [conn973] Request::process ns: rating.$cmd msg id:4664 attempt: 0
Fri Nov 2 15:23:38 [conn973] single query: rating.$cmd

{ getnonce: 1 }

ntoreturn: -1 options : 4
Fri Nov 2 15:23:38 [conn973] Request::process ns: rating.$cmd msg id:4665 attempt: 0
Fri Nov 2 15:23:38 [conn973] single query: rating.$cmd

{ authenticate: 1, user: "app", nonce: "be4258d1b4d8a815", key: "bd790de336213f242ccdaa2a649585b9" }

ntoreturn: -1 options : 4
Fri Nov 2 15:23:38 [conn973] authenticate:

{ authenticate: 1, user: "app", nonce: "be4258d1b4d8a815", key: "bd790de336213f242ccdaa2a649585b9" }

Fri Nov 2 15:23:38 [conn973] auth: couldn't find user app, rating.system.users
Fri Nov 2 15:23:38 [conn973] Request::process ns: rating.system.indexes msg id:4666 attempt: 0
Fri Nov 2 15:23:38 [conn973] single query: rating.system.indexes { query: { name: "_url_1", ns: "rating.entity", key:

{ _url: 1 }

}, $readPreference:

{ mode: "secondaryPreferred" }

} ntoreturn: -1 options : 4
Fri Nov 2 15:23:38 [conn973] User Assertion: 15845:unauthorized
Fri Nov 2 15:23:38 [conn973] AssertionException while processing op type : 2004 to : rating.system.indexes :: caused by :: 15845 unauthorized

Generated at Thu Feb 08 03:14:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.