Open timotheecour opened 3 years ago
this is the minimal uri options that work:
mongo "mongodb://myuser:mypass@mongoatlas4-shard-xxx.mongodb.net:27017/admin?ssl=true" --norc
(adding &authMechanism=SCRAM-SHA-1 in uri
also works)
it won't work if i remove ?ssl=true
.
given that nimongo README says ssl is not supported, this could ssl
be the reason? (i also tried with -d:ssl, didnt' help obviously)
_mongoc_cluster_get_auth_cmd_scram
, besides saslStart, mechanism, payload, autoAuthorize, it also adds options{skipEmptyExchange:true}}
to the initial msg; however that didn't help./cc @SSPkrolik My comment in https://github.com/SSPkrolik/nimongo/issues/87#issuecomment-670988161 still holds here; can't nimongo wrap libmongoc for complex parts such as authentication?
Just got finished w my contract work. As top priority, I'll work on getting my fork to work with SHA256 and my Atlas cluster. I'll then apply it to nimongo, which should be quick since much code is still similar.
I'll work on getting my fork to work with SHA256 and my Atlas cluster.
that's great to hear. Note though that the problem may lie elsewhere according to the last experiment in https://github.com/SSPkrolik/nimongo/issues/89#issuecomment-670989242 where I'm using a mongo atlas cluster with version 3.6 for which authMechanism=SCRAM-SHA-1
; so it may relate to ?ssl=true
instead.
Also note the similar issue I reported in https://github.com/mashingan/anonimongo/issues/5 for anonimongo
I got SSL working; but my sandbox account at Atlas is still requiring SHA256; so trying that now...
If curious, the latest commit is here: https://github.com/JohnAD/mongopool/commit/15cf50c1f826e371554c7e95f71fd50a94362d50
First pass was not successful; but I'm not surprised. I suspect I'll be digging into the details of the hashed packets passed back-and-forth during negotiation before I'm done.
I am explicitly passing in the auth mechanism in the URI: mongodb://testuser:PASS@cluster0-shard-00-00-eyjxi.mongodb.net:27017/test?ssl=true&authSource=admin&authMechanism=SCRAM-SHA-256
note: some (partial) success here: https://github.com/mashingan/anonimongo/issues/5#issuecomment-671200396
Seems that this is a bit abandoned repo. You can try to make an issue in my fork. https://github.com/Q-Master/nimongo
There's a fork with atlas support, for reference, at https://GitHub.com/sesco-llc/mongo if it helps.
this issue tracks the 2nd issue mentioned in https://github.com/SSPkrolik/nimongo/issues/87#issuecomment-670798705 to keep https://github.com/SSPkrolik/nimongo/issues/87 focused on
mongodb+srv
.copying over that post for context:
thanks for your quick reply! I've looked at https://www.mongodb.com/blog/post/mongodb-3-6-here-to-SRV-you-with-easier-replica-set-connections?jmp=fcb&utm_source=4244&utm_medium=FBPAGE&utm_term=4&linkId=50841309 and ran the python code mentioned in
We can see how this works in practice on a MongoDB Atlas cluster with a simple Python script.
and extracted the 1st entry, and than verified it works on mongo shell via:but then using that uri fails with nimongo with:
so I guess this is because of your point regarding SCRAM256 vs SCRAM1 ?
just trying to get anything working, happy to use whatever temporary workarounds; any idea of whether I could be using a C/C++ library and wrap that for the
authenticateScramSha1
part?I just tried on M10 (non free tier), I don't see an option for SCRAM1 ? maybe I'm missing something?
links
EDIT: see https://github.com/ba0f3/scram.nim which mentions: Salted Challenge Response Authentication Mechanism (SCRAM-SHA-1 SCRAM-SHA-256 SCRAM-SHA-512)