As stated in the title, I am using django-mongodb-engine and I am attempting to configure the native Django authentication framework. I've read some comments online that it should work out of the box sans some features. However, I couldn't find any tutorials and, furthermore, I am getting errors on trying to set it up on my own. The issue I'm having most certainly has to do with database permissions. I have included the Django middleware and apps per the Django docs. However, when I issue the syncdb command it fails with an error.
$ python manage.py syncdb
OperationFailure: database error: not authorized for query on MyDB.system.namespaces
settings.py
DATABASES = {
'default': {
'ENGINE': 'django_mongodb_engine',
'NAME': 'MyDB',
'USER': 'mySuperUser',
'PASSWORD': 'mypass',
'HOST': 'XXX.XXX.XXX.XXX',
'PORT': '',
},
# some other DBs
}
Mongo User Permissions
myDB> db.system.users.find()
{ "_id" : ObjectId("..."), "user" : "mySuperUser", "pwd" : "...", "roles" : [ "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin" ] }
I'm not sure what other permissions I can grant this guy, and/or where else I need to create this user.
Any ideas?
After playing around, here is the solution. You must use the native mongo admin database. Thus, the required changes:
# settings.py
DATABASES = {
'default': {
'ENGINE': 'django_mongodb_engine',
'NAME': 'admin',
'USER': 'mySuperUser',
'PASSWORD': 'mypass',
'HOST': 'XXX.XXX.XXX.XXX',
'PORT': '',
},
# some other DBs
}
The user mySuperUser must naturally exist on the admin database. To be safe regarding authentication actions such as adding and removing users, I gave it the userAdminAnyDatabase privilege in mongo. The privileges are probably excessive, but I'd have to play with it to determine the proper scope of the required permissions. Here are the permissions:
// mongo
admin> db.system.users.find()
{ "_id" : ObjectId("..."), "pwd" : "...", "roles" : [ "readWriteAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin", "userAdminAnyDatabase" ], "user" : "mySuperUser" }
Next, we can finally run the syncdb command:
$ python manage.py syncdb
Creating tables ...
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'someUser'):
Email address: [email protected]
Password:
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installing indices for admin.LogEntry model.
Installing indices for auth.Group_permissions model.
Installing indices for auth.Group model.
Installing indices for auth.User_groups model.
Installing indices for auth.User_user_permissions model.
Installing indices for auth.User model.
Installing indices for sessions.Session model.
Installed 0 object(s) from 0 fixture(s)
$