MongoDB

    Plugin:

    TIP

    The emqx_auth_mongo plugin also includes ACL feature, which can be disabled via comments

    To enable MongoDB authentication, you need to configure the following in :

    1. # etc/plugins/emqx_auth_mongo.conf
    3. ## MongoDB Architecture type
    4. ##
    5. ## Value: single | unknown | sharded | rs
    6. auth.mongo.type = single
    8. ##rs mode needs to set rs name
    9. ## auth.mongo.rs_set_name =
    11. ## Server list, which is separated by comma in cluster mode
    12. ## Examples: 127.0.0.1:27017,127.0.0.2:27017...
    13. auth.mongo.server = 127.0.0.1:27017
    15. auth.mongo.pool = 8
    17. auth.mongo.login =
    19. auth.mongo.password =
    21. ## auth.mongo.auth_source = admin
    23. auth.mongo.database = mqtt
    26. ## SSL option
    27. # auth.mongo.ssl = false
    29. ## auth.mongo.ssl_opts.keyfile =
    31. ## auth.mongo.ssl_opts.certfile =
    33. ## auth.mongo.ssl_opts.cacertfile =
    35. ## MongoDB write mode.
    36. ##
    37. ## Value: unsafe | safe
    38. ## auth.mongo.w_mode =
    40. ## Mongo read mode.
    41. ##
    42. ## Value: master | slave_ok
    43. ## auth.mongo.r_mode =
    45. ## MongoDB topology configuration, which is not used generally. See MongoDB official ##website documentation
    46. auth.mongo.topology.pool_size = 1
    47. auth.mongo.topology.max_overflow = 0
    48. ## auth.mongo.topology.overflow_ttl = 1000
    50. ## auth.mongo.topology.local_threshold_ms = 1000
    51. ## auth.mongo.topology.socket_timeout_ms = 100
    52. ## auth.mongo.topology.server_selection_timeout_ms = 30000
    53. ## auth.mongo.topology.wait_queue_timeout_ms = 1000
    54. ## auth.mongo.topology.heartbeat_frequency_ms = 10000
    55. ## auth.mongo.topology.min_heartbeat_frequency_ms = 1000

    In the default configuration of MongoDB authentication, you need to ensure that the database has the following collections:

    The sample data in the default configuration is as follows:

    1. use mqtt
    3. db.mqtt_user.insert({
    4.   "username": "emqx",
    5.   "password": "efa1f375d76194fa51a3556a97e641e61685f914d446979da50a551a4333ffd7",
    6.   "is_superuser": false,
    7.   "salt": ""
    8. })

    After MongoDB authentication is enabled, you can connect with username: emqx, password: public.

    TIP

    MongoDB authentication support to configure :

    During authentication, EMQX Broker will use the current client information to populate and execute the user-configured authentication SQL to query the client’s authentication data in the database.

    MongoDB supported configuration collection name, password field, and selector command

    1. # etc/plugins/emqx_auth_mongo.conf
    3. auth.mongo.auth_query.collection = mqtt_user
    5. ## If salting is enabled, it needs to be configured as password,salt
    6. ## Value:  password | password,salt
    7. auth.mongo.auth_query.password_field = password
    9. auth.mongo.auth_query.selector = username=%u

    You can use the following placeholders in the selector, and EMQX Broker will be automatically populated with client information when executed:

    • %u:Username
    • %c:Client ID
    • %C:TLS certificate common name (the domain name or subdomain name of the certificate), valid only for TLS connections
    • %d:TLS certificate subject, valid only for TLS connections
    1. The query result must include the password field, which is used by EMQX Broker to compare with the client password
    2. MongoDB uses the findOne query command to ensure that the query results you expect are shown in the first data