-
Notifications
You must be signed in to change notification settings - Fork 478
Usage with Authentication
Mongo Connector fully supports the MONGODB-CR ("challenge-response") authentication mechanism. This is the default way of authenticating in MongoDB. This page explains how to use authentication with mongo-connector and assumes you already have a replica set or sharded cluster running with auth enabled. For detailed instructions on how to do this, please visit the MongoDB Authentication Manual.
There are two ways to authenticate a user to MongoDB: providing the password on the command-line (not recommended) or using a keyfile.
Providing the password on the command-line is not recommended, since it will be visible when listing processes (e.g., with ps
on linux). However, it can be useful for testing. Basic usage is as follows:
mongo-connector -m localhost:27017 -t http://localhost:8983/solr -d solr_doc_manager.py \
--admin-username <administrator username> \
--password <administrator password>
Using a keyfile is much safer than providing a plaintext password on the command-line. If your keyfile is called mongodb.key
, you can use that keyfile with mongo-connector as follows:
mongo-connector -m localhost:27017 -t http://localhost:8983/solr -d solr_doc_manager.py \
--admin-username <administrator username>
--password-file mongodb.key
Note that mongo-connector currently only authenticates as a single user, the "admin user". Although this user doesn't actually need to be the superuser for your mongodb cluster, this user needs to be able to query the oplog.rs
collection as well as any namespaces provided in --namespace-set
. If no --namespace-set
is provided, the user needs to be able to query every collection.
Since any MongoDB connection string can be provided to the -m
option of Mongo Connector, Mongo Connector also supports any connection type that can be expressed in the URI. This includes support for the authMechanism
, authSource
, and gssapiServiceName
connection arguments. Mongo Connector can also use SSL via the connection string but cannot currently validate x509 certificates. See authentication options in the MongoDB Manual for details.