possible to connect to atlas shared?

danielkuettner · 2020-10-25 16:28:27

Hi Arnaud,

is mORMot prepared for this?

I got a connection but auth isn't possible (code 8000).

Connecting with mongo shell shows connecting to 3 servers (1 primary and 2 secondaries)

mongodb://xxxx-shard-00-00.yahvx.mongodb.net:27017,xxxx-shard-00-01.yahvx.mongodb.net:27017,xxxx-shard-00-02.yahvx.mongodb.net:27017/test?authSource=admin&compressors=disabled&gssapiServiceName=mongodb&replicaSet=atlas-midqwv-shard-0&ssl=true

connectionstring should be:

"mongodb+srv://username:<password>@clustername.yahvx.mongodb.net/<dbname>?retryWrites=true&w=majority"

I've set hostname to xxxx-shard-00-00.yahvx.mongodb.net
and then OpenAuth('dbname', 'username', 'pass')

but I don't know if this is ok.

Thx,
Daniel

danielkuettner · 2020-10-25 16:52:38

Now I can connect, but Command to Database results in

'{"ok":0,"errmsg":"user is not allowed to do action [find] on [Rottler.revenuesSalesOrders]","code":8000,"codeName":"AtlasError"}'

but user is Admin and definitely able to to this.

Is there anything other to note or does Database:= OpenAuth() and Database.RunCommand should be enough?

ab · 2020-10-25 17:36:41

Primary/secondary servers are somewhat prepared, but we never tested it.
The connection string used by our unit is not following the MongoDB standard.
Perhaps some extension is needed for full testing and support of the connection.

danielkuettner · 2020-10-25 17:58:08

Now I've understand the field SecondaryHostCSV and looked at the older driver connectionstrings.

There are 3 connections for the replicaSet and mORMot has 3 connections within the TMongoClient.

AuthSource should be admin. OpenAuth seems to work. I got a Database returned.
Now I Database.Client.Connections[0].RunCommand('RealDB',BSONVariant('{aggregate:"revenuesSalesOrders",pipeline:[{$match:{TaskTypeID:2}},],cursor:{}}'),v1);

Here it hangs at line

if not fSocket.TrySockRecv(@Header,HeaderLen) then (procedure TMongoConnection.GetReply(Request: TMongoRequest; out result: TMongoReply))

It would be a very nice, if mORMot could connect to Atlas because for a Share I've to work with 9 machines.

Perhaps you are willing to implement it?

Last edited by danielkuettner (2020-10-25 18:28:38)

ab · 2020-10-26 08:33:11

Which version of mORMot are you using?
I fixed some problems a few weeks ago IIRC.

danielkuettner · 2020-10-26 09:29:00

9482 from 2020-06-17
I'll try current version and give you a feedback.

But for cluster we have to use DNS -type=SRV to get the IPs of the replica members. For Windows there is a function in windns.h.

danielkuettner · 2020-10-26 09:43:58

With current mORMot I get an Exception in 5455 SynMongoDB (Header fields are all 0).

danielkuettner · 2020-10-26 10:14:24

It seem to work. I can connect, authenticate, insert documents and aggregate them.

But how can I change the Database? The logic is actually OpenAuth and get a Database. Make request on the returned database. But OpenAuth needs database admin?

Last edited by danielkuettner (2020-10-26 10:35:37)

danielkuettner · 2020-10-26 15:27:19

After upgrade M0 to M10 I cannot do OpenAuth (Error in SynWinSock at 1709 -> HandshakeLoop(aSocket).

The connectionstring hasn't changed generally, but replica set members got different url's (after upgrade to M10).

In server log I've found ->DisabledProtocols: "TLS1_0,TLS1_1"

Any ideas?

Last edited by danielkuettner (2020-10-26 16:40:49)

danielkuettner · 2020-10-27 06:53:27

TLS version isn't the issue. I've turned back to TLS 1.0 in Atlas and cannot do OpenAuth

When I use free version (M0) in HandshakeLoop (1740) res has 590610 ($00090312).
With M10 res has 590624 ($00090320) -> SEC_I_INCOMPLETE_CREDENTIALS?

@Ab
Possible this link could help?
https://stackoverflow.com/questions/474 … als-unexpe

Sorry, now I've seen your comment in SynWinSock (1748)! This is what I need here.

Last edited by danielkuettner (2020-10-27 07:52:55)

danielkuettner · 2020-10-27 08:21:07

Now it seems to work. After getting SEC_I_INCOMPLETE_CREDENTIALS I run InitializeSecurityContext again and get SEC_I_CONTINUE_NEEDED (as at using M0 version of Atlas).

ab · 2020-10-27 09:05:26

Nice catch!

Can you send a pull request to github?

danielkuettner · 2020-10-27 10:20:37

All right!

danielkuettner · 2020-10-27 10:53:38

But nevertheless I need the possibility for TMongoDatase.RunCommand to select the Databasename over a param.

Otherwise the OpenAuth should do the trick and use the admin database in background.

danielkuettner · 2020-11-01 13:39:04

I've made a pull request on GitHub #326 to read from Slaves:

MongoDB.Client.Connections[0].RunCommand('DatabaseName', Command, Res, [mqfSlaveOk]);

danielkuettner · 2020-11-01 16:45:44

I've made another pull request for using all connections of a cluster.

mORMot Open Source

#1 2020-10-25 16:28:27

possible to connect to atlas shared?

#2 2020-10-25 16:52:38

Re: possible to connect to atlas shared?

#3 2020-10-25 17:36:41

Re: possible to connect to atlas shared?

#4 2020-10-25 17:58:08

Re: possible to connect to atlas shared?

#5 2020-10-26 08:33:11

Re: possible to connect to atlas shared?

#6 2020-10-26 09:29:00

Re: possible to connect to atlas shared?

#7 2020-10-26 09:43:58

Re: possible to connect to atlas shared?

#8 2020-10-26 10:14:24

Re: possible to connect to atlas shared?

#9 2020-10-26 15:27:19

Re: possible to connect to atlas shared?

#10 2020-10-27 06:53:27

Re: possible to connect to atlas shared?

#11 2020-10-27 08:21:07

Re: possible to connect to atlas shared?

#12 2020-10-27 09:05:26

Re: possible to connect to atlas shared?

#13 2020-10-27 10:20:37

Re: possible to connect to atlas shared?

#14 2020-10-27 10:53:38

Re: possible to connect to atlas shared?

#15 2020-11-01 13:39:04

Re: possible to connect to atlas shared?

#16 2020-11-01 16:45:44

Re: possible to connect to atlas shared?

Board footer