vernemq / docker-vernemq

VerneMQ Docker image - Starts the VerneMQ MQTT broker and listens on 1883 and 8080 (for websockets).
https://vernemq.com
Apache License 2.0

Can not auth using MongoDB #17

Closed p-diogo closed 7 years ago

p-diogo commented 7 years ago

Hello everybody!

I've been trying to use MongoDB auth, but I keep getting the message

vernemq_1         | 2017-07-05 10:29:26.660 [error] <0.428.0>@vmq_mqtt_fsm:check_user:536 can't authenticate client {[],<<"test-client">>} due to
vernemq_1         |                                 no_matching_hook_found

Here is my service configuration (in docker-compose.yml):

 vernemq:
    image: erlio/docker-vernemq:1.1.0
    ports:
     - "1883:1883"
    environment:
      - DOCKER_VERNEMQ_PLUGINS__VMQ_DIVERSITY=on
      - DOCKER_VERNEMQ_PLUGINS__VMQ_PASSWD=off
      - DOCKER_VERNEMQ_PLUGINS__VMQ_ACL=off
      - DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__HOST=mongodb
      - DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__PORT=27017
      - DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__DATABASE=xxx
      - DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__LOGIN=yyy
      - DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__PASSWORD=zzz
    depends_on:
      mongodb:
        condition: service_started
    restart: on-failure

and I'm pretty sure my users were added to MongoDB's vmq_acl_auth collection (on the xxx DB) with passhash stored encrypted using bcrypt v.2a:

> db.vmq_acl_auth.find().pretty()
{
        "_id" : ObjectId("595cbb0e4dda7a46ea9ea46f"),
        "mountpoint" : "/",
        "client_id" : "test-client",
        "username" : "test-user2",
        "passhash" : "$2a$12$uig5H./AO6fP1Qs1IYiLR.mWmZkS57xoZGyxStuh4/6Q1zTZ5Gkim",
        "subscribe_acl" : [
                {
                        "pattern" : "a/#"
                }
        ]
}

Also, should MongoDB store passhashes as "passhash" : "$2a$12$uig5H./AO6fP1Qs1IYiLR.mWmZkS57xoZGyxStuh4/6Q1zTZ5Gkim", or as binary data, such as "passhash" : BinData(0,"JDJhJDEyJHVpZzVILi9BTzZmUDFRczFJWWlMUi5tV21aa1M1N3hvWkd5eFN0dWg0LzZRMXpUWjVHa2lt")? Regardless, I've tried both and they have both failed.

Any help is much appreciated!

ioolkos commented 7 years ago

Hm, VerneMQ doesn't find any auth hook here. Is the diversity plugin activated, and are the default auth plugins off?

https://vernemq.com/docs/configuration/db-auth.html

ioolkos commented 7 years ago

Ah, one additional point: vmq_diversity.auth_mongodb.enabled = on in vernemq.conf!

My bad!

p-diogo commented 7 years ago

vmq_diversity.auth_mongodb.enabled = on in vernemq.conf!

Ok, thanks! I've enabled this as ENV VAR like - DOCKER_VERNEMQ_VMQ_DIVERSITY__AUTH_MONGODB__ENABLED=on

and I can see it is attempting to authenticate, but it is failing:

mongodb_1         | 2017-07-05T14:56:49.479+0000 I NETWORK  [thread1] connection accepted from 172.18.0.3:60087 #100 (5 connections now open)
mongodb_1         | 2017-07-05T14:56:49.515+0000 I ACCESS   [conn93] SCRAM-SHA-1 authentication failed for embers-demo on embers-lwm2m from client 172.18.0.3:33497 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
mongodb_1         | 2017-07-05T14:56:49.549+0000 I -        [conn93] end connection 172.18.0.3:33497 (5 connections now open)

I'm pretty sure those credentials are ok, as I can successfully connect with any other MongoDB client. VerneMQ could not even auth when using a MongoDB Administrator user on the admin DB. Is it authenticating using CR instead of the "new" SCRAM-SHA-1 (https://docs.mongodb.com/v3.0/core/authentication-mechanisms/#authentication-mechanisms)?
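Added example, not code from this thread or from the VerneMQ project: a small linter for the DOCKER_VERNEMQ_* settings discussed above, which flags the missing vmq_diversity.auth_mongodb.enabled behind no_matching_hook_found. The env-to-conf mapping rule (strip the prefix, lowercase, "__" becomes ".") is an assumption inferred from the pair of names given in this thread; POSTED_ENV, FIXED_ENV and the function names are made up for the example.

```python
PREFIX = "DOCKER_VERNEMQ_"

# Environment as posted in the issue's docker-compose.yml (xxx/yyy/zzz are the poster's placeholders).
POSTED_ENV = [
    "DOCKER_VERNEMQ_PLUGINS__VMQ_DIVERSITY=on",
    "DOCKER_VERNEMQ_PLUGINS__VMQ_PASSWD=off",
    "DOCKER_VERNEMQ_PLUGINS__VMQ_ACL=off",
    "DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__HOST=mongodb",
    "DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__PORT=27017",
    "DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__DATABASE=xxx",
    "DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__LOGIN=yyy",
    "DOCKER_VERNEMQ_VMQ_DIVERSITY__MONGODB__PASSWORD=zzz",
]
# Same environment plus the setting named later in the thread.
FIXED_ENV = POSTED_ENV + ["DOCKER_VERNEMQ_VMQ_DIVERSITY__AUTH_MONGODB__ENABLED=on"]


def env_to_conf(env):
    """Map DOCKER_VERNEMQ_* entries to vernemq.conf keys (assumed mapping rule)."""
    conf = {}
    for entry in env:
        name, _, value = entry.partition("=")  # split on the first '=' only
        if name.startswith(PREFIX):
            conf[name[len(PREFIX):].lower().replace("__", ".")] = value
    return conf


def lint_mongodb_auth(conf):
    """Return a list of findings; empty means the auth chain matches the thread's checklist."""
    findings = []
    if conf.get("plugins.vmq_diversity") != "on":
        findings.append("plugins.vmq_diversity is not on: diversity plugin not loaded")
    if conf.get("vmq_diversity.auth_mongodb.enabled") != "on":
        findings.append("vmq_diversity.auth_mongodb.enabled is not on: "
                        "no MongoDB auth hook registered (no_matching_hook_found)")
    for plugin in ("plugins.vmq_passwd", "plugins.vmq_acl"):
        if conf.get(plugin) != "off":
            findings.append(plugin + " is not off: a default auth plugin is still active")
    return findings


if __name__ == "__main__":
    for label, env in (("posted", POSTED_ENV), ("fixed", FIXED_ENV)):
        print(label, lint_mongodb_auth(env_to_conf(env)) or "ok")
```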

dergraf commented 7 years ago

I have just checked: the version of the MongoDB client library we're using is actually quite old and should be updated asap. The 'old' version doesn't even know about SCRAM-SHA-1 ;) Hoping to fix this issue soon.

dergraf commented 7 years ago

Also a ton of other features were added to the client, especially those for cluster topologies ... we might want to give our mongo-support a refresher..

dergraf commented 7 years ago

Closing in favor of https://github.com/erlio/vernemq/issues/436