# MongoDB Authentication

These instructions are for Oracle Linux 7. The commands for other distributions will be different. First install and start MongoDB.

```shell
sudo tee /etc/yum.repos.d/mongodb-org-4.0.repo << EOF
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF

sudo yum -y install mongodb-org
sudo systemctl start mongod
sudo systemctl enable mongod
```

Then create an `admin` user by first connecting with the `mongo` CLI. Once connected, switch to the `admin` database and run the create user command. Change the `PASSWORD` below to a secure random password.

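```javascript
// Run `mongo` from the system shell to connect, then enter the statements below.
mongo
use admin;
// Create the administrative user in the admin database.
db.createUser(
  {
    user: "admin",
    pwd: "PASSWORD",
    roles: [
      "userAdminAnyDatabase",
      "dbAdminAnyDatabase",
      "readWriteAnyDatabase"
    ]
  }
);
```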

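After the user has been created, edit the MongoDB configuration to enable authorization. The net section should be replaced with the section below. The change takes effect once the `mongod` service is restarted.

```shell
# Open the configuration file in an editor.
sudo nano /etc/mongod.conf
# YAML to set in /etc/mongod.conf:
security:
  authorization: enabled
```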

### Create Pritunl User

Then create a `pritunl` user for the `pritunl` database in the `admin` database. First connect with the `mongo` CLI using the admin account, then switch to the `admin` database. Change the `PASSWORD` below to a secure random password. When authenticating from mongo CLI tools, use `--authenticationDatabase admin`.

**If configuring Pritunl Zero or Pritunl Cloud update the name of the database below.**

```shell
# Connect as the admin user, then run the statements below in the mongo shell.
mongo --host subnet.domain.com -u admin --authenticationDatabase admin

use admin;
db.createUser({
  user: "pritunl",
  pwd: "PASSWORD",
  roles: [{role: "dbOwner", db: "pritunl"}]
});
```

Test the new user with the command below.

```shell
mongo --host mongo-test.silicon.red -u pritunl --authenticationDatabase admin pritunl
```

### Connecting to MongoDB

When configuring Pritunl, the username, password and ssl option must be added to the MongoDB URI, such as `mongodb://pritunl:PASSWORD@subnet.domain.com:27017/pritunl?authSource=admin`. **If configuring Pritunl Zero or Pritunl Cloud update the name of the database.**

### Authentication Database

If the authentication user is on a different database, the `authSource` parameter must be included in the MongoDB URI, such as `mongodb://pritunl:PASSWORD@subnet.domain.com:27017/pritunl?authSource=admin`.
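
A random password can contain characters such as `@`, `:` or `/` that act as delimiters inside the URI, so the credentials need percent-encoding before they are placed in it. The following is an added example, not part of the original page or of Pritunl's code: it generates a password, builds the URI in the format shown above, and checks a URI for a missing `authSource` or unencoded credentials. The function names are hypothetical; the host and names follow the page's example URI.

```python
import secrets
from urllib.parse import parse_qs, quote, unquote, urlsplit


def generate_password(nbytes=32):
    """Random password from the OS CSPRNG; the alphabet is A-Z a-z 0-9 - _."""
    return secrets.token_urlsafe(nbytes)


def build_uri(user, password, host, database, auth_source="admin", port=27017):
    """Build a mongodb:// URI with percent-encoded credentials and authSource."""
    # safe="" encodes every reserved character, so ':', '/', '@', '?', '#'
    # and '%' inside a credential cannot be read as URI delimiters.
    creds = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return (f"mongodb://{creds}@{host}:{port}/{quote(database, safe='')}"
            f"?authSource={quote(auth_source, safe='')}")


def parse_uri(uri):
    """Split a URI back into its parts, the way a generic URI parser sees them."""
    parts = urlsplit(uri)
    query = parse_qs(parts.query)
    return {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "port": parts.port,
        "database": unquote(parts.path.lstrip("/")),
        "auth_source": query.get("authSource", [None])[0],
    }


def audit_uri(uri):
    """Return a list of problems that would break authentication."""
    p = parse_uri(uri)
    problems = []
    if not p["user"] or not p["password"]:
        problems.append("missing username or password")
    if p["auth_source"] is None:
        problems.append("no authSource parameter in the URI")
    if "@" in p["database"] or ":" in p["database"]:
        problems.append("credentials contain unencoded reserved characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values; host and names follow the page's example URI.
    uri = build_uri("pritunl", generate_password(), "subnet.domain.com", "pritunl")
    print(uri, audit_uri(uri))
```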


