Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-1804

mongoexport does not work with x509 authentication

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: mongoexport
    • None
    • Environment:
      FreeBSD 11
    • v3.2

      +*mongoexport fails with the following error.
      +*

      mongoexport --ssl --sslCAFile=/usr/local/share/certs/ca.pem --sslPEMKeyFile=/usr/local/share/certs/validcert.pem --authenticationMechanism=MONGODB-X509 --host hostname:27017 -d testdb -c testCol
      2017-10-04T15:44:19.228+0000    Failed: not authorized on testdb to execute command { count: "testCol", query: {} }
      

      *+Trying to login via mongo shell works fine
      +*

      # mongo --ssl --sslCAFile=/usr/local/share/certs/ca.pem --sslPEMKeyFile=/usr/local/share/certs/validcert.pem --authenticationMechanism=MONGODB-X509 --host hostname:27017
      MongoDB shell version: 3.2.13
      connecting to: hostname:27017/test
      validcert:PRIMARY> db.getSiblingDB("$external").auth(
      ...   {
      ...     mechanism: "MONGODB-X509",
      ...     user: "OU=UK Infrastructure MongoDB Client,O=GlobalSign,ST=London,C=GB,CN=MongoDB DB Counters User"
      ...   }
      ... )
      1
      validcert:PRIMARY> use counters
      switched to db counters
      validcert:PRIMARY> db.DB.findOne()
      {
              "_id" : ObjectId("59355wee02264c05ba422c0d"),
              "a" : "asdasdasd",
              "c" : "DB_test_stg",
              "o" : "iii",
              "p" : "DB",
              "v" : NumberLong(asdad)
      }
      

      *+This is the role privilege of the account
      +*

      {
                              "_id" : "$external.<credentials>",
                              "user" : "<credentials>",
                              "db" : "$external",
                              "roles" : [
                                      {
                                              "role" : "__system",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "read",
                                              "db" : "counters"
                                      },
                                      {
                                              "role" : "createIndexOntestCol",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "readWritetestCol",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "root",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "readAnyDatabase",
                                              "db" : "admin"
                                      },
                                      {
                                              "role" : "listandCreateIndexOntestCol",
                                              "db" : "admin"
                                      }
                              ]
                      }
      

            Assignee:
            mark.agarunov Mark Agarunov
            Reporter:
            weishan Wei Shan Ang
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: