Enhanced Security Using LDAP Authentication

在本次网络研讨会中,我们将演示如何在使用LDAP身份验证的安全副本集中为MongoDB配置Percona服务器。
LDAP身份验证允许您使用单个密码服务器对用户进行身份验证。仅在MongoDB Enterprise上可用,但Percona为MongoDB免费提供了此功能。

展开查看详情

1.

2.● ● ● ● ● ● ● ●

3.

4.

5.read readWrite dbAdmin dbOwner userAdmin clusterAdmin clusterMonitor clusterManager hostManager backup restore readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase root __system

6.use admin db.createUser({user :'admin', pwd: '123', roles : ["root"]})

7.use admin db.createUser({user :'admin', pwd: 'mypass', roles : ["readAnyDatabase"]})

8.

9.db.system.users.find().pretty() { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "ZuACyMJlu/s0dJpFzsp70Q==", "storedKey" : "zwFmdoqRCVfirWBbR1Ow1wg+HHk=", "serverKey" : "nqXAVQxV/qCWtoh5R/g5X+Fz99A=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

10.

11.http://www.openldap.org/doc/admin22/intro.html

12.

13.> db.getSiblingDB(" $external").createUser({ user : 'support', roles: [ {role : "read", db: 'percona'} ] }) Successfully added user: { "user" : "support", "roles" : [ { "role" : "read", "db" : "percona" } ] }

14.db.getSiblingDB(" $external").auth( { mechanism: "PLAIN", user: 'support', pwd: '123', digestPassword: false } )

15.● ●

16.● ● ● ●

17.

18.DATABASE PERFORMANCE MATTERS