These are chat archives for rsercano/mongoclient

5th
Jun 2016
Sercan Özdemir
@rsercano
Jun 05 2016 08:50
@hongbizi Hello there
hongbizi
@hongbizi
Jun 05 2016 08:50
Hello
Sercan Özdemir
@rsercano
Jun 05 2016 08:51
what exactly do you mean it fails on fetching information ? I tried to connect via certificate and it was working without any issue
hongbizi
@hongbizi
Jun 05 2016 08:51
This is how you do x509 auth in mongo:
db.getSiblingDB("$external").runCommand(
{
createUser: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
roles: [
{ role: 'readWrite', db: 'test' },
{ role: 'userAdminAnyDatabase', db: 'admin' }
],
writeConcern: { w: "majority" , wtimeout: 5000 }
}
)
So you'd need to extract some fields from certificate to us as username.
If you set
Sercan Özdemir
@rsercano
Jun 05 2016 08:54
okay, I see then I guess your issue still persists
hongbizi
@hongbizi
Jun 05 2016 08:54
if you set
security:
clusterAuthMode: x509
you'l see what I mean
Sercan Özdemir
@rsercano
Jun 05 2016 08:55
I've just tried with standard certificate, will have a look at it now then.
hongbizi
@hongbizi
Jun 05 2016 08:56
I meant set the mentioned parameter in mongodb server.
Authentication is performed by
db.getSiblingDB("$external").auth(
{
mechanism: "MONGODB-X509",
user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
}
)
Sercan Özdemir
@rsercano
Jun 05 2016 08:57
yeah I know, but I wonder how mongochef, robomongo and other clients do this, since they don't get any username input while you are connecting via certificate.
hongbizi
@hongbizi
Jun 05 2016 08:57
You could extract the fields from the certificate.
Sercan Özdemir
@rsercano
Jun 05 2016 08:58
is it mandatory to provide a username ?
hongbizi
@hongbizi
Jun 05 2016 08:58
openssl x509 -in <pathToClient PEM> -inform PEM -subject -nameopt RFC2253
...and parse the"subject" field.
Sercan Özdemir
@rsercano
Jun 05 2016 08:58
I see
hongbizi
@hongbizi
Jun 05 2016 08:59
Yes, username is mandatory.
Sercan Özdemir
@rsercano
Jun 05 2016 08:59
When I look over here http://mongodb.github.io/node-mongodb-native/2.0/tutorials/enterprise_features/, I see what you mean clearer
will open another issue for x509 authentication
thanks to your issue, I've fixed the standard certificate process :)
hongbizi
@hongbizi
Jun 05 2016 09:02
Here is the how to for x509 authentication.
Sercan Özdemir
@rsercano
Jun 05 2016 09:02
I'm going to add a checkbox to enable x509 authentication and will take username from user.
as you mentioned
hongbizi
@hongbizi
Jun 05 2016 09:03
I think it is simpler that way.
Sercan Özdemir
@rsercano
Jun 05 2016 09:03
Indeed
As soon as I get some more free time I was planning to add LDAP implementation, but it will take much more time.
hongbizi
@hongbizi
Jun 05 2016 09:04
Thanks, Take your time:-)
Sercan Özdemir
@rsercano
Jun 05 2016 09:04
Thanks for feedback mate, I'll inform you as soon as I implement this.
hongbizi
@hongbizi
Jun 05 2016 09:08
You are mostl welcome
and thanks for your efforts
Sercan Özdemir
@rsercano
Jun 05 2016 09:08
:)
Sercan Özdemir
@rsercano
Jun 05 2016 09:32
are you there @hongbizi
hongbizi
@hongbizi
Jun 05 2016 11:32
Yes, Now I am.
Sercan Özdemir
@rsercano
Jun 05 2016 12:50
I just wanted to ask did it work, but we already talked as comments in the issue itself :)
hongbizi
@hongbizi
Jun 05 2016 13:59
Ok