How to Migrate users from MONGODB-CR to SCRAM-SHA-1?

By / mongodb / Leave a Comment
Connect with

How to migrate users from MONGODB-CR to SCRAM-SHA-1How to migrate users from MONGODB-CR to SCRAM-SHA-1 , when you upgrade mongoDB from version less than or equal to 2.6 to higher. Step by step to migrate user to authenticate to new one.

1. Why you migrate users from MONGODB-CR to SCRAM-SHA-1

This article about migrating from one to another, here one to another is only directional, not applicable from bi-directional, what does it mean? It means you can migrate from MONGODB-CR to SCRAM-SHA-1 , not vice versa. Be careful once you migrated you can not go back to the initial state.

Migration From MONGODB-CR to SCRAM-SHA-1 is a one step process in mongoDB. And its very easy process.
You know, for authentication and authorization you must have to stick some mechanism either MONGODB-CR or SCRAM-SHA-1 depends upon the virsion of mongoDB you are using.

  • If a 2.6 system (with existing user data) was upgraded to a 3.0+ system via the replacement of the mongod binary. In this scenario all old and new users will use MONGODB-CR until db.adminCommand({authSchemaUpgrade: 1}) is ran.
  • If a new 3.0+ system imports user data from a 2.6 or older system. In this senario all old users will use MONGODB-CR and all new users will use SCRAM-SHA-1.

2. How to check SCRAM-SHA-1 or MONGODB-CR auth

mongod.conf file entry as follows:

security:
  authorization: enabled
  keyFile: /path/to/keyfile/rskey

To find users with SCRAM-SHA-1 auth:

use admin;
db.system.users.find({ "credentials.SCRAM-SHA-1" : { $exists: true}}, { user: 1, db: 1})

To find users with the older MONGODB-CR auth:

use admin;
db.system.users.find({ "credentials.MONGODB-CR" : { $exists: true}}, { user: 1, db: 1})

3. Command to Migrate to SCRAM-SHA-1

Following is the command which need to run on your mongo shell.

db.adminCommand({authSchemaUpgrade: 1})

4. Conclusion of migration from MONGODB-CR to SCRAM-SHA-1

Be careful while running above command , it is a destructive process. It means, once you run the authSchemaUpgrade, you cannot get back the original MONGODB-CR credentials.

Note: Once you’ve upgraded to 3.0+, and run this command, now you can’t go back to 2.6 ( MONGODB-CR authentication mechanism.

Reference

You can visit docs.mongodb.com for more details.

Thanks for visiting this post for migrate users from MONGODB-CR to SCRAM-SHA-1. You can also visit MongoDB Tutorial Listing page for more articles on MongoDB document-oriented database.

Happy Learning! 🙂


Connect with

Leave a Comment

Your email address will not be published. Required fields are marked *