我正在尝试使用Perl脚本连接Mongodb服务器(使用SSL),但连接失败。
use strict;
use IO::Socket::SSL;
use MongoDB;
use MongoDB::OID;
my $client = MongoDB::MongoClient->new(
host => 'mongodb://username:password@ip_address1:port_number, ip_address2:port_number,ip_address3:port_number/myDB?ssl=true&replicaSet=mongo123',
ssl => {
SSL_ca_file => " certificates/chain_prod.pem",
SSL_cert_file => " certificates/cert.pem",
},
auth_mechanism => "MONGODB-X509",
username => " CN=XXXXXXXXXXX,OU=XXXXXXXX,O=XXXXXXX,ST=XXXXXXXXXX,C=XX ",
# using openssl x509 -in certs/client.pem -inform PEM -subject -nameopt RFC2253
);
my $db = $client->get_database( "mydb" );
my $coll = $db->get_collection( "customers" );
my $messages = $coll->find;
while ( my $msg = $messages->next ) {
print $msg;
}
NPP_EXEC:“运行Perl”
NPP_SAVE:C:\ Users \ royabhix \ Desktop \ perl_program \ MysqlDataBaseConnection.pl
CD:C:\ Users \ royabhix \ Desktop \ perl_program
当前目录:C:\ Users \ royabhix \ Desktop \ perl_program
C:\ perl64 \ bin \ perl“ MysqlDataBaseConnection.pl”
流程已开始(PID = 11400)>>>
MongoDB :: UsageError:在(eval 595)行291处的MONGODB-X509凭据中的字段密码无效。
MongoDB :: _ Credential :: new(undef,“ mechanism”,“ MONGODB-X509”,“ mechanism_properties”,HASH(0x5935f10),“ username”,“ user123”,“ password”,...)在C:/调用Perl64 / site / lib / MongoDB / MongoClient.pm第1181行
在(eval 450)第21行调用的MongoDB :: MongoClient :: _ build__credential(MongoDB :: MongoClient = HASH(0x594db50))
MongoDB :: MongoClient :: _ credential(MongoDB :: MongoClient = HASH(0x594db50))在C:/Perl64/site/lib/MongoDB/MongoClient.pm行1149调用
在(eval 446)第21行调用的MongoDB :: MongoClient :: _ build__topology(MongoDB :: MongoClient = HASH(0x594db50))
MongoDB :: MongoClient :: _ topology(MongoDB :: MongoClient = HASH(0x594db50))在C:/Perl64/site/lib/MongoDB/MongoClient.pm第1291行调用
在(eval 590)第1014行调用的MongoDB :: MongoClient :: BUILD(MongoDB :: MongoClient = HASH(0x594db50),HASH(0x62e87f8))
MongoDB :: MongoClient :: new(undef,“ host”,“ mongodb:// username1:password123 \ @ip_address:port_number,1” ...,“ ssl”,HASH(0xa5dc68),“ auth_mechanism”,“ MONGODB- X509“,”用户名“,...)在MysqlDataBaseConnection.pl第4行调用
<<<处理完成(PID = 11400)。 (退出代码255)================ READY ===============
use MongoDB ();
use Data::Dumper qw(Dumper);
my $client = MongoDB::MongoClient->new(host => 'localhost', port => 27017);
my $db = $client->get_database( 'mydb');
my $messages_coll = $db->get_collection('customers');
my $messages = $messages_coll->find;
while (my $p = $messages->next) {
print Dumper $p;
}
NPP_EXEC: "Run Perl"
NPP_SAVE: C:\Users\royabhix\Desktop\perl_program\MongoDBConnection.pl
CD: C:\Users\royabhix\Desktop\perl_program
Current directory: C:\Users\royabhix\Desktop\perl_program
C:\perl64\bin\perl "MongoDBConnection.pl"
Process started (PID=16796) >>>
$VAR1 = {
'password' => 'intel123',
'username' => 'rpn',
'_id' => bless( {
'value' => '5b3b96ea7517d164f102d614'
}, 'MongoDB::OID' )
};
$VAR1 = {
'_id' => bless( {
'value' => '5b3b96f27517d164f102d615'
}, 'MongoDB::OID' ),
'username' => 'faizkhax',
'password' => 'intel456'
};
$VAR1 = {
'_id' => bless( {
'value' => '5b3b96f27517d164f102d616'
}, 'MongoDB::OID' ),
'username' => 'kunal',
'password' => 'intel789'
};
<<< Process finished (PID=16796). (Exit code 0)
================ READY ================
任何帮助将不胜感激。预先谢谢你
答案 0 :(得分:1)
您的错误消息来自以下行: https://metacpan.org/source/MONGODB/MongoDB-v2.0.0/lib/MongoDB/_Credential.pm#L211
如果您研究上面的代码,则会发现它取决于:
'MONGODB-X509' => {
password => sub { ! length },
source => sub { $_ eq '$external' },
mechanism_properties => sub { !keys %$_ },
},
这意味着您在使用MONGODB-X509
身份验证方案时,不应提供密码,因为如果存在密码,sub { ! length }
将触发并生成错误。
我猜想密码是在host
参数中从您的URL中删除的,所以尝试使用:
host => 'mongodb://username@ip_address1:port_number, ip_address2:port_number,ip_address3:port_number/myDB?ssl=true&replicaSet=mongo123'
(如果使用证书,用户名本身实际上可能是无关紧要的)
https://metacpan.org/pod/MongoDB::MongoClient#MONGODB-X509-(for-SSL-client-certificate)上的手册页给出了以下示例:
my $mc = MongoDB::MongoClient->new(
host => "mongodb://sslmongo.example.com/",
ssl => {
SSL_ca_file => "certs/ca.pem",
SSL_cert_file => "certs/client.pem",
},
auth_mechanism => "MONGODB-X509",
username => "CN=XXXXXXXXXXX,OU=XXXXXXXX,O=XXXXXXX,ST=XXXXXXXXXX,C=XX"
);
顺便说一句,确切地说,这不是TLS(比SSL更好的名称)问题,它是与使用X.509证书进行身份验证有关的问题。