Secure MongoDB Connectivity in Local AAA
Updated on 29 Mar 2024
Use this section to set up the Local AAA adapter in IAP with a password- and SSL-protected MongoDB.
Note: The information presented here assumes MongoDB is not using authorization.
1. Set up the Admin user.

    db.createUser({
      "user": "admin",
      "pwd": "password",
      "roles": [
        { "role": "root", "db": "admin" },
        { "role": "userAdminAnyDatabase", "db": "admin" },
        { "role": "clusterMonitor", "db": "admin" },
        { "role": "dbOwner", "db": "LocalAAA" },
        { "role": "dbOwner", "db": "pronghorn" }
      ]
    })

2. Set up the Pronghorn user.

    db.createUser({
      "user": "pronghorn",
      "pwd": "password",
      "roles": [
        { "role": "dbOwner", "db": "pronghorn" },
        { "role": "dbOwner", "db": "LocalAAA" },
        { "role": "clusterMonitor", "db": "admin" }
      ]
    })

3. Set up the local AAA user.

    db.createUser({
      "user": "localaaa_user",
      "pwd": "pronghorn",
      "roles": [
        { "role": "dbOwner", "db": "LocalAAA" }
      ]
    })

4. Modify the mongod.conf file to turn on authorization.

    /etc/mongod.conf

    # network interfaces
    net:
      port: 27017
      bindIp: 0.0.0.0  # Listens on all interfaces; set to 127.0.0.1 to listen on the local interface only.

    security:
      authorization: enabled

5. Modify the properties.json file.

    /opt/pronghorn/current/properties.json

    "id": "profile1",
    "mongoProps": {
      "credentials": {
        "dbAuth": true,
        "passwd": "password",
        "user": "pronghorn"
      },
      "db": "pronghorn",
      "url": "mongodb://127.0.0.1:27017"
    }

6. Modify properties for the MongoDB adapter via IAP (navigate to Admin Essentials > Adapters).

    "properties": {
      "id": "mongo",
      "properties": {
        "credentials": {
          "dbAuth": true,
          "passwd": "password",
          "user": "pronghorn"
        },
        "db": "pronghorn",
        "url": "mongodb://127.0.0.1:27017"
      },

7. Modify Local AAA properties.

    Note: In this example, "pronghorn" was used for the password. This is consistent with how the Local AAA user was set up in Step 3 above.

    "properties": {
      "id": "Local AAA",
      "type": "local_aaa",
      "properties": {
        "database": {
          "db": "LocalAAA",
          "url": "mongodb://127.0.0.1:27017",
          "credentials": {
            "dbAuth": true,
            "passwd": "pronghorn",
            "user": "localaaa_user"
          }
        }
      },
      "brokers": [ "aaa" ],
      "groups": []
    },

8. Restart MongoDB.

    systemctl restart mongod

9. Stop Pronghorn (Itential).

    systemctl stop pronghorn

10. Start Pronghorn (Itential).

    systemctl start pronghorn

11. Check status of Pronghorn (Itential).

    systemctl status pronghorn
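
A pre-restart check for the files edited in this procedure, added here as an example (it is not part of the original article or of Itential's code). The function names and sample inputs are assumptions constructed for illustration; the keys it reads (`authorization`, `bindIp`, `credentials`, `dbAuth`, `passwd`, `user`) are the ones shown in the steps above.

```python
import json
import re

# Example passwords that appear on this page; none should reach a real deployment.
EXAMPLE_PASSWORDS = {"password", "pronghorn"}

def audit_mongod_conf(text):
    """Check the two mongod.conf settings this procedure touches."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    findings = []
    auth = re.search(r"^\s*authorization:[ \t]*(\S+)", body, re.M)
    if not auth or auth.group(1).strip("\"'") != "enabled":
        findings.append("mongod.conf: security.authorization is not enabled")
    bind = re.search(r"^\s*bindIp:[ \t]*(\S.*)$", body, re.M)
    if bind and "0.0.0.0" in re.split(r"[,\s]+", bind.group(1).strip()):
        findings.append("mongod.conf: bindIp 0.0.0.0 listens on all interfaces")
    return findings

def audit_credentials(node, path="$"):
    """Walk parsed properties JSON and check every 'credentials' block."""
    findings = []
    if isinstance(node, dict):
        cred = node.get("credentials")
        if isinstance(cred, dict):
            user, passwd = cred.get("user"), cred.get("passwd")
            if cred.get("dbAuth") is not True:
                findings.append(f"{path}: dbAuth is not true")
            if not user or not passwd:
                findings.append(f"{path}: user or passwd is empty")
            elif passwd == user or passwd in EXAMPLE_PASSWORDS:
                findings.append(f"{path}: passwd for '{user}' is an example value or equals the user name")
        for key, value in node.items():
            findings += audit_credentials(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += audit_credentials(value, f"{path}[{i}]")
    return findings

# Constructed sample input mirroring the snippets in the steps above.
SAMPLE_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0\nsecurity:\n  authorization: enabled\n"
SAMPLE_PROPS = json.loads('{"id": "profile1", "mongoProps": {"credentials": {"dbAuth": true,'
                          ' "passwd": "password", "user": "pronghorn"}, "db": "pronghorn",'
                          ' "url": "mongodb://127.0.0.1:27017"}}')

if __name__ == "__main__":
    for finding in audit_mongod_conf(SAMPLE_CONF) + audit_credentials(SAMPLE_PROPS):
        print(finding)
```

An empty result from both functions means authorization is enabled, every credentials block has `dbAuth` set to true, and no example password from this page is still in place.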