Secure MongoDB Connectivity in Local AAA
  • 29 Mar 2024


Use this section to set up the Local AAA adapter in IAP using a password- and SSL-protected MongoDB.

Note: The information presented here assumes MongoDB is not using authorization.

  1. Set up the Admin user.

    db.createUser(
    {
        "user":"admin",
        "pwd":"password",
        "roles":[
            {
                "role":"root",
                "db":"admin"
            },
            {
                "role":"userAdminAnyDatabase",
                "db":"admin"
            },
            {
                "role":"clusterMonitor",
                "db":"admin"
            },
            {
                "role":"dbOwner",
                "db":"LocalAAA"
            },
            {
                "role":"dbOwner",
                "db":"pronghorn"
            }
        ]
    }
    )
    
  2. Set up the Pronghorn user.

    db.createUser(
    {
        "user":"pronghorn",
        "pwd":"password",
        "roles":[
            {
                "role":"dbOwner",
                "db":"pronghorn"
            },
            {
                "role":"dbOwner",
                "db":"LocalAAA"
            },
            {
                "role":"clusterMonitor",
                "db":"admin"
            }
        ]
    }
    )
    
  3. Set up the local AAA user.

    db.createUser(
    {
        "user":"localaaa_user",
        "pwd":"pronghorn",
        "roles":[
            {
                "role":"dbOwner",
                "db":"LocalAAA"
            }
        ]
    }
    )
    
  4. Modify the mongod.conf file to turn on authorization.

    /etc/mongod.conf
    
    # network interfaces
    net:
        port: 27017
        bindIp: 0.0.0.0
    # 0.0.0.0 listens on all interfaces; use 127.0.0.1 to listen on the local interface only.
    security:
        authorization: enabled
    
  5. Modify the properties.json file.

    /opt/pronghorn/current/properties.json
    
    "id": "profile1",
    "mongoProps": {
        "credentials": {
            "dbAuth": true,
            "passwd": "password",
            "user": "pronghorn"
        },
        "db": "pronghorn",
        "url": "mongodb://127.0.0.1:27017"
    }
    
  6. Modify properties for the MongoDB adapter via IAP (navigate to Admin Essentials > Adapters).

    "properties": {
        "id": "mongo",
        "properties": {
            "credentials": {
                "dbAuth": true,
                "passwd": "password",
                "user": "pronghorn"
            },
            "db": "pronghorn",
            "url": "mongodb://127.0.0.1:27017"
        },
    
  7. Modify Local AAA properties.

    Note: In this example, "pronghorn" was used for the password. This is consistent with how the Local AAA user was set in Step 3 above.

    "properties": {
        "id": "Local AAA",
        "type": "local_aaa",
        "properties": {
            "database": {
                "db": "LocalAAA",
                "url": "mongodb://127.0.0.1:27017",
                "credentials": {
                    "dbAuth": true,
                    "passwd": "pronghorn",
                    "user": "localaaa_user"
                }
            }
        },
        "brokers": [
            "aaa"
        ],
        "groups": []
    },
    
  8. Restart MongoDB.

    systemctl restart mongod
    
  9. Stop Pronghorn (Itential).

    systemctl stop pronghorn
    
  10. Start Pronghorn (Itential).

    systemctl start pronghorn
    
  11. Check status of Pronghorn (Itential).

    systemctl status pronghorn
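
A configuration check for the files edited in steps 4 through 7, as an added example that is not part of the original article or of Itential's own tooling: it reports when authorization is off, when bindIp is 0.0.0.0, and when a credentials block still carries one of this article's example passwords. The function names and sample inputs are constructed for illustration, and the mongod.conf parser is a plain line scan that assumes the two-level layout shown in step 4.

```python
import json
# Passwords used as examples in this article; a deployed system must not keep them.
PLACEHOLDER_PASSWORDS = {"password", "pronghorn"}

def parse_conf(text):
    """Flatten the two-level YAML of mongod.conf into {'section.key': 'value'}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments so commented-out keys do not count
        if not line.strip() or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():
            section = key                      # unindented key (net:, security:) opens a section
        settings[f"{section}.{key}"] = value.strip()
    return settings

def find_credentials(node, path="$"):
    """Yield (json_path, dict) for every "credentials" object, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "credentials" and isinstance(value, dict):
                yield f"{path}.{key}", value
            yield from find_credentials(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_credentials(item, f"{path}[{i}]")

def audit(conf_text, json_text):
    """Return findings for a mongod.conf and an IAP properties/adapter JSON document."""
    findings, conf = [], parse_conf(conf_text)
    if conf.get("security.authorization") != "enabled":
        findings.append("mongod.conf: security.authorization is not enabled")
    if "0.0.0.0" in [ip.strip() for ip in conf.get("net.bindIp", "").split(",")]:
        findings.append("mongod.conf: net.bindIp 0.0.0.0 listens on all interfaces")
    for path, creds in find_credentials(json.loads(json_text)):
        user, passwd = creds.get("user"), creds.get("passwd")
        if creds.get("dbAuth") is not True:
            findings.append(f"{path}: dbAuth is not true for user {user}")
        if passwd in PLACEHOLDER_PASSWORDS or passwd == user:
            findings.append(f"{path}: passwd for user {user} is an example value")
    return findings

# Constructed sample input, shaped like steps 4 and 5 of this article.
SAMPLE_CONF = "net:\n    port: 27017\n    bindIp: 0.0.0.0\nsecurity:\n    authorization: enabled\n"
SAMPLE_JSON = ('{"id": "profile1", "mongoProps": {"credentials": {"dbAuth": true, '
               '"passwd": "password", "user": "pronghorn"}, "db": "pronghorn"}}')
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_JSON)))
```

The same `audit` call accepts the adapter JSON from steps 6 and 7, because `find_credentials` walks the document to any depth.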
    
