Sametime 12.0 and MongoDB Authorization Enabled

anon-2127 · November 8, 2022, 12:51pm

Just Configured and successfully running new sametime 12.0FP1 for Docker include MongoDB 4.4.17 in my test environment. Now trying to enable MongoDB Authorization to enabled using below config,

#/etc/mongod.conf
security:
authorization: enabled
keyFile: /var/lib/mongo/mongodb.key

After enabling Authorization, Failed to login Sametime using both Rich client and browser client.

Community log shows below error messages,

community_1 | stconvomap 2022-11-08 12:29:22.988 INFO 0 --- 1 : MongoMemberManager : Membership removal agent is enabled. Removal frequency is [60]
community_1 | MongoDB Change Stream Listener [com.mongodb.client.internal.MongoDatabaseImpl@84174f30] [com.mongodb.client.internal.MongoCollectionImpl@e9e05897]
community_1 | stconvomap 2022-11-08 12:29:22.996 INFO 0 --- 1 : init : done with init
community_1 | stconvomap 2022-11-08 12:29:23.003 INFO 0 --- 34 : run : INFO - starting to watch for Mongo updates
community_1 | stserver 2022-11-08 12:29:41.917 WARN 65 --- 140034719247360 : Essential Service Not provided: 37 , count: 0
community_1 | stconvomap 2022-11-08 12:30:23.054 INFO 0 --- 33 : MongoMemberManager - Membership cleanup : Number of records deleted: 0
community_1 | stlogger 2022-11-08 12:30:54.185 INFO 71 --- 139801511203520 : Loading STLogResource library: [/local/notesdata/stlogresources.res],
community_1 | stlogger 2022-11-08 12:30:54.186 INFO 71 --- 139801511203520 : Successfully loaded resource dll. [/local/notesdata/stlogresources.res],
community_1 | stlog 2022-11-08 12:30:54.187 INFO 71 --- 139801511203520 : LoginFailed userName=CN=test1,O=demo organization= IP=172.20.0.4 app=(0x14c3)(5315) reason=(0x80000214)

Disabling the mongodb authorization resolve the login problem.

Custom.env setting,

# Mongo DB connection URL
MONGO_URL=mongodb://sametimeUser:sametime@10.10.10.20:27017

Any help, why login fail when authorization: enabled in mongodb?

JenIM · November 8, 2022, 2:08pm

Please ensure MongoDB is also configured to use SSL.

Reference https://www.mongodb.com/docs/manual/tutorial/configure-ssl/ for more information.

anon-1885 · November 8, 2022, 4:02pm

@Khandakar Faisal

this is best handled via a case. As your configuration will need to be reviewed.

as you can see the logs state

community_1 | stlog 2022-11-08 12:30:54.187 INFO 71 --- 139801511203520 : LoginFailed userName=CN=test1,O=demo organization= IP=172.20.0.4 app=(0x14c3)(5315) reason=(0x80000214)

this error means that "verification service down"

See https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0037378

for Explanation of error codes associated with Sametime Community Services.

Please let me know if this was helpfull

anon-2127 · November 23, 2022, 11:36am

Ok, found a solution, adding a new roles to admin db as root resolve the issue, not sure if its the correct ways,

db.grantRolesToUser('sametimeUser', [{ role: 'root', db: 'admin' }])

Any help, is its ok?