How to Migrate users from MONGODB-CR to SCRAM-SHA-1?

Connect with

How to Migrate users from MONGODB-CR to SCRAM-SHA-1? This article about migrating from one to another, here one to another is only directional , not applicable from bi-directional, what does it mean? It means you can migrate from MONGODB-CR to SCRAM-SHA-1 , not vice versa. Be careful once you migrated you can not go back to initial state.

Migration From MONGODB-CR to SCRAM-SHA-1 is a one step process in mongoDB. And its very easy process.

1. Why you migrate from MONGODB-CR to SCRAM-SHA-1

You know, for authentication and authorization you must have to stick some mechanism either MONGODB-CR or SCRAM-SHA-1 depends upon the virsion of mongoDB you are using.

  • If a 2.6 system (with existing user data) was upgraded to a 3.0+ system via the replacement of the mongod binary. In this scenario all old and new users will use MONGODB-CR until db.adminCommand({authSchemaUpgrade: 1}) is ran.
  • If a new 3.0+ system imports user data from a 2.6 or older system. In this senario all old users will use MONGODB-CR and all new users will use SCRAM-SHA-1.

2. How to check SCRAM-SHA-1 or MONGODB-CR auth

mongod.conf file entry as follows:

security:
  authorization: enabled
  keyFile: /path/to/keyfile/rskey

To find users with SCRAM-SHA-1 auth:

use admin;
db.system.users.find({ "credentials.SCRAM-SHA-1" : { $exists: true}}, { user: 1, db: 1})

To find users with the older MONGODB-CR auth:

use admin;
db.system.users.find({ "credentials.MONGODB-CR" : { $exists: true}}, { user: 1, db: 1})

3. Command to Migrate to SCRAM-SHA-1

Following is the command which need to run on your mongo shell.


db.adminCommand({authSchemaUpgrade: 1})

4. Conclusion of migration from MONGODB-CR to SCRAM-SHA-1

Be careful while running above command , it is a destructive process. It means, once you run the authSchemaUpgrade, you cannot get back the original MONGODB-CR credentials.

Note: Once you’ve upgraded to 3.0+, and run this command, you can’t go back to 2.6 ( MONGODB-CR authentication mechanism.


Connect with

Leave a Reply

Your email address will not be published. Required fields are marked *