Authentication not against admin db when copying database

Question

I have a remote DB using authentication and a local one without. I try to copy a database form remote to local using:

{ "copydb" : "1" , "fromdb" : "aaa" , "todb" : "aaa-test" , "fromhost" : "remotehost:27017" , "username" : "johndoe" , "nonce" : "2aa39a862a92bea6" , "key" : "2bbfe213664310fb7c36bf7f41195b81"}

The nonce was create before like stated in the docs. The johndoe user exists in the admin database and has the right to create and write new databases like the "aaa". When I try to copy the database with the above command, I get a

{ "serverUsed" : "localhost:27020" , "ok" : 0.0 , "errmsg" : "unable to login { ok: 0.0, errmsg: \"auth failed\", code: 18 }"}

and the logs are printing

 Failed to authenticate johndoe@aaa with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user johndoe@aaa

For me, it seems that the copy command is using the fromDB as source of the user authentication. Is it possible to define the auth db separately?

Answer 1

No, unfortunately it's not possible, as per Mongo's Documentation:

When authenticating to the fromhost instance, copydb uses the fromdb as the authentication database for the specified user

And the Same story with copyDatabase() command.

Personally, I came up with dump/restore commands to copy database to another machine. For example, to copy remote DB to localhost:

1. Dump target DB to dump/ directory :

   $ mongodump -u DB_USERNAME -p DB_PASSWORD --authenticationDatabase admin --db DB_NAME --host HOST.EXAMPLE.COM --port 27017
   

2. Restore database from dump/DB_NAME:

   $ mongorestore --db DB_NAME --host localhost --port 27017 --dir dump/DB_NAME/
   

You workaround with temporary User would also work for sure, I just didn't want to touch remote database in any way

Answer 2

You need to run copydb in the admin database of the destination server.