MongoDB command createUser requires authentication - database

I just installed Mongo DB on my Linux Server. Now I want to create an main admin user.
I followed the offical docs, but every time I run the command I get:
uncaught exception: Error: couldn't add user: command createUser requires authentication: _getErrorWithCode#src/mongo/shell/utils.js:25:13 DB.prototype.createUser#src/mongo/shell/db.js:1386:11 #(shell):1:1
I really don't know what I should do to fix this error.
Inside the /etc/mongod.conf config file authentication is disabled:
security:
authorization: "disabled"
Thanks for help!

To create the first user, you need to have authentication enabled and use the localhost passthrough: open mongoshell (the mongo command) from the same server in which the database is running.
Note that the passthrough is valid only when you connect via localhost and when no users have yet been created (once you create the first user, you will need to authenticate to perform any tasks). If you already created a user but don't remember the password, you will need to delete the entire dbPath folder, restart mongod and then use the passthrough to create the first user.

Related

Create user mapping without password how to configure authentication

I am trying to create a user mapping in PostgreSQL without a password, but I am encountering an error that says.
local_db=> select * from employee;
ERROR: could not connect to server "testmachine02"
DETAIL: connection to server at "192.168.56.10", port 5432 failed: fe_sendauth: no password supplied
Here is the command that I used to create the user mapping:
CREATE USER MAPPING for app_user SERVER testmachine02 OPTIONS (password_required 'false');
I also created a pgpass file with the following entries:
localhost:5432:local_db:app_user:app_user123
192.168.56.10:5432:admin:admin:admin123
192.168.56.10:5432:remote_db:test:test123
Despite these steps, I am still unable to access the table without a password. How can I create a user mapping without a password and access the table?
here is what I am getting after creating a .pgpass file under /pgsql:
The password file does not get proxied through your client to be used by server. The .pgpass file you need the password in is the one which would be used for the OS user who runs the database server. So often that would be something like "/var/lib/postgresql/.pgpass", not something like "/home/arahal/.pgpass". If you do this and set (password_required 'false'), it will work.
But why not just stick the password in the user mapping and be done with it? The purpose of password_required is to give you the option of using non-password-based authentication methods.

Moodle LDAP integration - LDAP-module cannot connect to any servers

I managed to get my Active Directory up and running, and now I want to integrate my MS-AD into my Moodle server. I followed the steps from the Moodle docs as close as I can.
This is the error message I get when trying to log into my Moodle server with an Active Directory User:
LDAP-module cannot connect to any servers: Server: 'ldap://europe.domain.com/', Connection: 'Resource id #16', Bind result: ''
And here is my LDAP server configuration within Moodle:
LDAP server settings
Host URL: ldap://europe.domain.com/
Version: 3
Use TLS: No
Bind settings
Distinguished name: cn=ldap-user,dc=europe,dc=domain,dc=com
User lookup settings
User type: MS ActiveDirectory
Contexts: ou=moodleusers,dc=europe,dc=domain,dc=com
Thats what I have done so far:
Created "moodleusers" OU
Created ldap-user AD user account & set the password to "Password never expires."
What have I done wrong?
There's a possible answer here in the Moodle forums
https://moodle.org/mod/forum/discuss.php?d=427908#p1722336
Bind result normally refers to two things.
Your bind user is entered incorrectly (perhaps an expired or changed password)
Your bind user does not have the necessary permissions on the OU referenced in the context.
Maybe also try one of the LDAP tools to test the connection outside of Moodle
https://ldap.com/ldap-tools/
For example
http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Allowed to connect without authentication and read only users can write in MongoDB

I had to create a new user in a MongoDB Server and grant it read-only permissions to a single database. Note that I am not the administrator here.
I connected with my user and executed the following code:
db.createUser({user: "newuser", pwd: "mypassword", roles: [{role: "read", db: "mydatabase"}]})
Then I started testing and I found that
I can connect with this newly created newuser user both with Robo3T and Mongo Shell (mongo command).
I can read the mydatabase database
I can still WRITE (insert, update etc) freely in this database
I can read anything from other databases in the server (I didnt try to write).
I can connect with this database without passing username and password, with Robo3t AND Mongo Shell
I can force a bad authentication by providing wrong username and passwords (when passed)
When I execute db.runCommand({connectionStatus : 1}), I get this output:
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "newuser",
"db" : "mydatabase"
}
],
"authenticatedUserRoles" : [
{
"role" : "read",
"db" : "mydatabase"
}
]
},
"ok" : 1,
...
}
With Mongo Shell I connect with this command (but also passing --authenticationDatabase):
mongo --host mongodb://servers:ports/mydatabase?replicaSet=myreplicaset --username newuser --password mypassword
So my questions are very basic, I guess.
Why can I connect without authenticating?
Why can I still write with this read-only user?
Why can I still access other databases with this user?
Thanks in advance!
#edit:
I wonder if it`s something related to this:
https://docs.mongodb.com/manual/tutorial/enable-authentication/
I ve seen some people (check this out) saying that forgot to enable access control. Since I am not the administrator of this database, I am still confused (i`m not a very experienced user)
Why can I connect without authenticating?
You are correct with access control. What you have described is a little strange however, according to Mongo basic security, it is the job of the DBA to create users; so as you are not an administrator, you should not really be creating users?
Nonetheless, mongod (the mongo daemon) is the process responsible for running MongoDB. When this initially started, it probably didn't have authentication enabled in the configuration, the process needs restarting with it enabled. This is access control.
This is why you can authenticate as any user, and maybe the same reason that you can create users despite not being an admin?
Why can I still write with this read-only user?
Probably the same reason as above, if true then users can just do whatever they like as there is no authorisation for a users actions.
Another common reason is authenticating with a new user without dropping your previous user. If you re-auth with someone else the wrong way, you may end up having the current session with more permissions than intended.
Why can I still access other databases with this user?
Again, most likely the same as above. No authentication is taking place.
NOTE:
https://docs.mongodb.com/manual/core/authentication/
When access control, i.e. authorization, is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.

Unable to update data source configuration in Forena Report for Drupal 7

I was trying to update one of the data source of my forena configuration. I first update the uri address. After I clicked Updated the forena module broke. I'm sure the problem is that one of the Data Source (the one I updated) can't connect to the database because I didn't update the password. But now, eveytime I click in Configure in my Data source I get the following error:
Fatal error: Call to a member function setAttribute() on a non-object
in
/opt/bitnami/apps/drupal/htdocs/sites/all/modules/forena/plugins/FrxPDO.inc
on line 63
Becuase of this error I can't correct the password.
The drupal log shows the following:
SQLSTATE[HY000] [1045] Access denied for user
'bitnami'#'54.204.20.212' (using password: YES)
I'm thinking there most be a config file somewhere in the htdocs directory but I can't find it.
Can somebody guide on how to fix this?
Thanks,
Claudia
Bitnami developer here,
It seems that bitnami user is trying to access to the dtabase. By default, bitnami user has not privileges to access to the drupal database.
Check in installdir/apps/drupal/htdocs/sites/default/settings.php
the user and the password of the drupal database. You could try execute the action with these parameters. By default, your database name should be bitnami_drupal, and your user bn_drupal.
You also can change the privileges for bitnami user:
$ /installdir/mysql/bin/mysql -u root -p
grant all privileges on bitnami_drupal.* TO 'bitnami'#'localhost' identified by 'not_easy_password'
If you want to create a new database, please follow this link:
https://wiki.bitnami.com/Components/MySQL#How_to_create_a_database_for_a_custom_application.3f
I hope it helps
David

Parallels Plesk Panel unable to connect to database

I don't know how to create a database into Parallels Plesk Panel, so I tried it going to the PhpMyAdmin creating the database and modifying the admin user password from there, but now the system is showing me the next error:
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
What can I do to fix it?
Try to connect to psa database:
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
In case you cannot connect, try to update admin user for mysql with this password. After that Plesk should be able to connect with this database.
I also add this problem, for me the above solution didnt work. it appears plesk has been evolving it's password protection (e.g. .psa.shadow is now aes-cbc encrypted)
this kb article worked for me - i'm using plesk 11.09
http://kb.parallels.com/112492
I got myself into this situation when i got a cloud vm instance where i couldnt log into mysql. so i mysqld_safe and updated the admin password to what it was supposed to be, which meant i could log in but I also broke plesk. this kb got plesk back on its feet again
One thing I found; after following these steps I am not able to login to the plesk 'admin' user on the command line, even with the password i specified in the env variable ! so before resetting the admin password as per this kb article, create another mysql user with all privileges. then use the new user so you dont have the problem of sharing a user with plesk
as to why this happens i dont know, i'm interested if someone does. what appears to be happening is that the ch_admin_passwd of psa starts mysql with security disabled, does some operation on the password (obfuscate?, encrypt?, add salt?) and sets that password for the admin user. whatever that interim operation means that while plesk can log into mysql as admin because it's consistent with itself, the cleartext version of the password specified to ch_admin_passwd does not work on the command line with mysql

Resources