How to log in to mongodb as admin? - database

I created admin:
> use admin
switched to db admin
> db.createUser(
... {
... user: 'admin',
... pwd: 'password',
... roles: [ { role: 'root', db: 'admin' } ]
... }
... );
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit;
But when I wanted to log in I got an error:
> use admin
switched to db admin
> db.auth('admin','password');
Error: Authentication failed.
0
I tried also with:
mongo --port 27017 --authenticationDatabase "admin" -u "admin" -p "password"
and:
mongo localhost:27017/admin -u admin -p password
But it also doesn't work.

After restarting my PC, I was able to log in to mongodb as admin.

Related

how to pass a value to mongoDB command?

Below is the bash script. I want to pass the value of 'a' from the for loop to the mongoDB command, but I am getting a "$a is not defined" error. How do I pass the value to the mongo command?
{ "account_id" : $a } is the part of the below command.
#!/usr/bin/bash
for a in `cat /tmp/account.txt`;
do
mongo --authenticationDatabase admin -u 'xxxxxx' -p 'xxxxxxxxx' --quiet --eval 'db.executions.find({ $and : [ { "account_id" : $a }, { "status" : "running" }, { "created_at" : { "$gt" : ISODate("2022-09-01T00:00:00.000Z") } }, { "created_at" : { "$lt" : ISODate("2022-10-01T00:00:00.000Z") } } ] } ,{"account_id":1,"created_at":1} ).count()' selfservice_production;
done
account.txt
35331
35332
35333
35334
35335
35336
35337
35338
35339
35340
Need to add the variable in single quotes. It's working for me.
{ "account_id" : "'$a'" } is what I changed.
#!/usr/bin/bash
for a in `cat /tmp/account.txt`
do
mongo --authenticationDatabase admin -u "xxxx" -p "xxxxxxxxxx" --quiet selfservice_production --eval 'db.executions.find({ $and : [ { "account_id" : "'$a'" }, { "status" : "running" }, { "created_at" : { "$gt" : ISODate("2022-08-01T00:00:00.000Z") } }, { "created_at" : { "$lt" : ISODate("2022-09-01T00:00:00.000Z") } } ] } ,{"account_id":1,"created_at":1} ).count()'
done
Reference: Use variables with --eval in mongodb
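With this quoting, every line of account.txt becomes part of the JavaScript that mongo evaluates, so the value should be checked before it is spliced in. The following is an added example, not code from the original answer; the function names and the MONGO_USER / MONGO_PASS environment variables are assumptions, and the date-range filters from the post are left out for brevity.

```shell
#!/usr/bin/env bash
# Added example: validate each id before it reaches `mongo --eval`.

# Accept only non-empty strings made entirely of digits.
valid_account_id() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the JavaScript for --eval, or fail without printing anything.
# The id is only interpolated after it has passed the digits-only check,
# so it cannot close the string literal or add statements.
build_query() {
  valid_account_id "$1" || return 1
  printf 'db.executions.find({ "account_id": "%s", "status": "running" }).count()' "$1"
}

# Read ids line by line (no word splitting or globbing) and skip bad ones.
# MONGO_USER and MONGO_PASS are assumed to be set in the environment.
count_running() {
  while IFS= read -r id || [ -n "$id" ]; do
    if js=$(build_query "$id"); then
      mongo --authenticationDatabase admin -u "$MONGO_USER" -p "$MONGO_PASS" \
        --quiet selfservice_production --eval "$js"
    else
      printf 'skipping invalid account id: %s\n' "$id" >&2
    fi
  done < "$1"
}

# Usage: count_running /tmp/account.txt
```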

TypeORM generates migrations with db name

I need to generate the migration with TypeORM and it does it with this command:
npm run typeorm migration:generate -n test
But the problem is that it generates migrations that include the DB name:
await queryRunner.query(`CREATE TABLE \`testdb\`.\`lbs_user\` (\`id\` char(36) NOT ...
Can I somehow remove "testdb"?
This is the config file:
{
"type": "mysql",
"host": conf.env.migrationDatabase.host,
"port": conf.env.migrationDatabase.port,
"username": conf.env.migrationDatabase.username,
"password": conf.env.migrationDatabase.password,
"database": conf.env.migrationDatabase.dbName, //the database name is -> testdb
"entityPrefix": conf.env.database.entityPrefix,
"synchronize": false,
"migrationsTableName": `${conf.env.database.entityPrefix}migrations`,
"entities": ["src/modules/db/entities/**/*.entity.ts"],
"migrations": ["src/migrations/**/*.ts"],
"cli": {
"migrationsDir": "src/migrations",
}
}
Entity declaration:
@Entity("user")
export class UserEntity {
@PrimaryColumn({ generated: "uuid" })
id: string;
@Column({
unique: true,
})
email: string;
In the end, it appeared that I was using an old version of typeorm. I upgraded to version 0.2.38 and no database name is generated anymore.

Get Azure groups information in keycloak id_token

I have registered Azure Active Directory as an identity provider in the Keycloak server.
I am getting groups array in azure's id_token and it looks like:
{
aud: "https://contoso.onmicrosoft.com/scratchservice",
iss: "https://sts.windows.net/b9411234-09af-49c2-b0c3-653adc1f376e/",
iat: 1416968588,
nbf: 1416968588,
exp: 1416972488,
ver: "1.0",
tid: "b9411234-09af-49c2-b0c3-653adc1f376e",
amr: [
"pwd"
],
roles: [
"Admin"
],
oid: "6526e123-0ff9-4fec-ae64-a8d5a77cf287",
upn: "[hidden email]",
unique_name: "[hidden email]",
sub: "yf8C5e_VRkR1egGxJSDt5_olDFay6L5ilBA81hZhQEI",
family_name: "User",
given_name: "Sample",
groups: [
"0e129f6b-6b0a-4944-982d-f776000632af",
"323b13b3-1851-4b94-947f-9a4dacb595f4",
"6e32c250-9b0a-4491-b429-6c60d2ca9a42",
"f3a161a7-9a58-4e8f-9d47-b70022a07424",
"8d4c81b2-b1ad-476d-9574-544d155aa6ff",
"1bf80164-ff24-4866-b19c-6212e5b9a847",
"76f80127-f2cd-46f4-8c52-8edd8bc749b1",
"0ba27160-44d0-42b5-b90c-47b3fcc48e35"
],
appid: "b075ddef-0efa-123b-997b-de1337c29185",
appidacr: "1",
scp: "user_impersonation",
acr: "1"
}
In id_token generated by the Keycloak server, there are no groups.
How can I get Azure AD groups in the Keycloak id_token?
I resolved this issue by creating a mapper.
Steps:
Create Attribute importer type mapper in the identity provider
Create User attribute type mapper in the client

How to log out of Google external provider?

Right now I can log out of Identity Server. But when logging back in, I can just select my email address - without having to reenter my password - to log in through Google to access my app.
I want to have to reenter my password (because the device is shared between multiple users). I followed the documentation, but I must be missing something.
(I am using an MVC client to test things out)
Here is the client's configuration:
{
"Enabled": true,
"EnableLocalLogin": false,
"ClientId": "backOffice.mvc",
"ClientName": "BackOffice client",
"ClientSecrets": [
{
"Value": "xxx"
}
],
"AllowedGrantTypes": [
"hybrid"
],
"AllowedScopes": [
"openid",
"offline_access",
"profile"
],
"RedirectUris": [
"http://localhost:5098/signin-oidc"
],
"PostLogoutRedirectUris": [
"http://localhost:5098/"
],
"RequireConsent": false,
"AllowOfflineAccess": true
}
And the provider settings:
.AddOpenIdConnect("Google", "Google", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ForwardSignOut = IdentityServerConstants.DefaultCookieAuthenticationScheme;
options.Authority = "https://accounts.google.com/";
options.ClientId = Configuration["GoogleClientId"];
options.CallbackPath = "/signin-google";
options.Scope.Add("email");
})
Thanks a lot for any help! And please let me know if you need more information :)
Unfortunately Google does not advertise an end_session endpoint via https://accounts.google.com/.well-known/openid-configuration so front-channel sign out is not an option.
However you may be able to provide an additional prompt=login parameter in the authorize endpoint request in an attempt to force interactive authentication. You can enforce this in your client by checking that the auth_time claim is suitably recent.
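The auth_time check mentioned above, as an added example that is not part of the original answer. It assumes the OIDC library has already validated the ID token's signature, issuer and audience, and that the provider includes auth_time in the token; the function names and the sample token are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: reject a session whose ID token reports an old login.

# Decode the payload (second dot-separated segment) from base64url.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the numeric auth_time claim, or nothing if it is absent.
auth_time_of() {
  jwt_payload "$1" |
    sed -n 's/.*"auth_time"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# usage: auth_is_fresh <id_token> <max_age_seconds> <now_epoch>
# Succeeds only if auth_time exists and lies within max_age seconds of now.
# A missing claim or a timestamp in the future fails closed.
auth_is_fresh() {
  at=$(auth_time_of "$1")
  [ -n "$at" ] || return 1
  age=$(( $3 - at ))
  [ "$age" -ge 0 ] && [ "$age" -le "$2" ]
}

# Build an unsigned token around a JSON payload (constructed sample input).
sample_token() {
  body=$(printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'e30.%s.sig' "$body"
}

# Example: auth_is_fresh "$id_token" 300 "$(date +%s)" || force a new login
```

When the check fails, the client should send the user back to the authorize endpoint with prompt=login rather than accept the existing session.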

Using mlab, with Meteor, and deploying to Galaxy: Receiving error "not authorized on" DB "to execute command"

Using mlab, with Meteor, and deploying to Galaxy, I am receiving error "not authorized on <DB> to execute command".
This error started when I accidentally deleted the database user I was using to log in. I re-created the user. I made sure my account user had the same username and password. The database user has the following credentials:
{
"_id": "db.username",
"user": "username",
"db": "password",
"roles": [
{
"role": "dbOwner",
"db": "db"
}
]
}
My settings url has not changed:
mongodb://username:password@ds115758.mlab.com:15758/db
What am I doing wrong? This is driving me crazy :(
Error:
Exception in setInterval callback: MongoError: not authorized on db to execute command { delete: "meteor_oauth_pendingRequestTokens", ordered: true, $db: "db" }
Reach out to support@mlab.com. They are super helpful and helped me debug and fix my issue.
In case it's helpful, the ongoing authentication issues were due to my Galaxy app not closing and re-opening connections following the removal of the database user. I've included some log messages below showing this behavior:
From yesterday, when the user was removed:
2018-10-22T05:00:00.798-0700 I COMMAND [conn616856] command db.dbname command: insert { insert: "dbname", ordered: true, $db: "db" } ninserted:1 keysInserted:1 numYields:0 reslen:229 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, MMAPV1Journal: { acquireCount: { w: 2 }, acquireWaitCount: { w: 1 }, timeAcquiringMicros: { w: 46 } }, Database: { acquireCount: { w: 2 } }, Collection: { acquireCount: { W: 1 } }, Metadata: { acquireCount: { W: 1 } }, oplog: { acquireCount: { W: 1 } } } protocol:op_query 182ms
2018-10-22T23:15:34.155-0700 I ACCESS [conn616856] Removed deleted user dbusername@db from session cache of user information.
2018-10-22T23:15:34.155-0700 I ACCESS [conn616856] Unauthorized: not authorized on db to execute command { find: "meteor_accounts_loginServiceConfiguration", filter: {}, projection: { secret: 0 }, $db: "db" }
From today; note how the not authorized messages have the same thread ID (conn616856):
2018-10-23T09:24:54.778-0700 I ACCESS [conn616856] Unauthorized: not authorized on db to execute command { delete: "meteor_oauth_pendingCredentials", ordered: true, $db: "db" }
2018-10-23T09:27:54.785-0700 I ACCESS [conn616856] Unauthorized: not authorized on db to execute command { delete: "meteor_oauth_pendingCredentials", ordered: true, $db: "db" }
2018-10-23T09:30:54.794-0700 I ACCESS [conn616856] Unauthorized: not authorized on db to execute command { delete: "meteor_oauth_pendingCredentials", ordered: true, $db: "db" }
All of the existing connections lost their permissions when the database user was removed. These connections either need to re-authenticate or new authenticated connections will need to be created.
I tried closing my connection and having it start again and it seems to be working better.
Denzil
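The pattern in these logs (a connection that keeps being refused after its user was removed from the session cache) can be found mechanically. The following is an added example, not part of the original answer; the log lines are constructed in the format shown above and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list connections that outlived their database user.

# Constructed sample input modelled on the mongod log format in the post.
sample_log() {
  cat <<'EOF'
2018-10-22T23:15:34.155-0700 I ACCESS [conn101] Removed deleted user appuser@db from session cache of user information.
2018-10-22T23:15:34.155-0700 I ACCESS [conn101] Unauthorized: not authorized on db to execute command { find: "c1", $db: "db" }
2018-10-23T09:24:54.778-0700 I ACCESS [conn101] Unauthorized: not authorized on db to execute command { delete: "c2", $db: "db" }
2018-10-23T09:25:00.000-0700 I ACCESS [conn202] Unauthorized: not authorized on db to execute command { find: "c1", $db: "db" }
2018-10-23T09:27:54.785-0700 I COMMAND [conn303] command db.c1 command: insert { insert: "c1", $db: "db" } ninserted:1 12ms
EOF
}

# Read a mongod log on stdin. For each connection that logged
# "Removed deleted user" and was refused afterwards, print:
#   <conn id> <refusal count> <first refusal time> <last refusal time>
stale_connections() {
  awk '
    match($0, /\[conn[0-9]+\]/) {
      conn = substr($0, RSTART + 1, RLENGTH - 2)
      if ($0 ~ /Removed deleted user/) { removed[conn] = 1; next }
      if ((conn in removed) && $0 ~ /Unauthorized: not authorized/) {
        if (!(conn in first)) first[conn] = $1
        last[conn] = $1
        denied[conn]++
      }
    }
    END { for (c in denied) print c, denied[c], first[c], last[c] }
  ' | sort
}

sample_log | stale_connections
```

A connection id reported here is one the application must close and reopen, since it was authenticated as a user that no longer exists; conn202 is not listed because its refusals are not tied to a removed user.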
