Percona Backup for MongoDB

    Authentication

    Percona Backup for MongoDB has no authentication and authorization subsystem of its own; it uses that of MongoDB. This means that pbm CLI and pbm-agent require only a valid MongoDB connection URI string for the pbm user.

    For the S3-compatible remote storage authentication config, see Percona Backup for MongoDB configuration in a cluster (or non-sharded replica set).

    MongoDB connection strings - A Reminder (or Primer)

    Percona Backup for MongoDB uses MongoDB Connection URI strings to open MongoDB connections. Neither pbm CLI nor pbm-agent accepts legacy-style command-line arguments such as --host, --port, --user and --password, as the mongo shell and the mongodump command do.

    The pbm-agent processes should connect to their localhost mongod with a standalone type of connection.

    pbm-agent --mongodb-uri "mongodb://pbmuser:secretpwd@localhost:27017/?authSource=admin"
    

    Alternatively:

    export PBM_MONGODB_URI="mongodb://pbmuser:secretpwd@localhost:27017/?authSource=admin"
    pbm-agent
    

    Replace pbmuser:secretpwd with the credentials of the user who owns the pbm process.

    pbm list --mongodb-uri "mongodb://pbmuser:secretpwd@mongocsvr1:27017,mongocsvr2:27017,mongocsvr3:27017/?replicaSet=configrs&authSource=admin"
    

    Alternatively:

    export PBM_MONGODB_URI="mongodb://pbmuser:secretpwd@mongocsvr1:27017,mongocsvr2:27017,mongocsvr3:27017/?replicaSet=configrs&authSource=admin"
    pbm list
    

    Replace pbmuser:secretpwd with the credentials of the user who owns the pbm process.

    The pbm CLI will ultimately connect to the replica set with PBM Control Collections.

    • In a non-sharded replica set it is simply that replica set.
    • In a cluster it is the config server replica set.

    You do not necessarily have to provide that connection string. If you provide a connection to any live node (shard, configsvr, or non-sharded replica set member), pbm CLI will automatically determine the right hosts and establish a new connection to those instead.

    The connection URI above is the format that MongoDB drivers have accepted universally since approximately the release time of MongoDB server v3.6. The mongo shell has accepted it too since v4.0. Using a v4.0+ mongo shell is a recommended way to debug connection URI validity from the command line.

    Since Percona Backup for MongoDB must authenticate in MongoDB, we recommend specifying the authentication database associated with the pbm user’s credentials in the connection URI string using the authSource option.

    The MongoDB Connection URI specification also allows specifying the authentication database via the defaultauthdb component. However, in this case, Percona Backup for MongoDB makes a backup of only this specified database.

    If both authSource and defaultauthdb are unspecified, the authentication database defaults to the admin database.
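
A pre-flight check for the authSource and defaultauthdb rules above, as an added example that is not part of the Percona documentation or of PBM: it reports which database the credentials will be checked against and flags a URI that sets defaultauthdb (which limits the backup to that database) or omits authSource. The function names are hypothetical, and the URI is assumed to be well formed with percent-encoded credentials.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of PBM.
# Assumes a well-formed URI whose credentials are percent-encoded.

# Sets uri_db (defaultauthdb path component) and uri_src (authSource value),
# each empty when absent. Returns 2 for a non-MongoDB URI.
parse_pbm_uri() {
    uri_db='' uri_src=''
    case $1 in
        mongodb://*)     rest=${1#mongodb://} ;;
        mongodb+srv://*) rest=${1#mongodb+srv://} ;;
        *) return 2 ;;
    esac
    case $rest in */*) tail=${rest#*/} ;; *) tail='' ;; esac
    uri_db=${tail%%\?*}
    case $tail in *\?*) query=${tail#*\?} ;; *) query='' ;; esac
    while [ -n "$query" ]; do            # walk the &-separated options
        kv=${query%%\&*}
        case $query in *\&*) query=${query#*\&} ;; *) query='' ;; esac
        key=$(printf '%s' "${kv%%=*}" | tr 'A-Z' 'a-z')  # names are case-insensitive
        case $key in authsource) uri_src=${kv#*=} ;; esac
    done
}

# Database the credentials are checked against: authSource, else
# defaultauthdb, else admin.
pbm_auth_db() {
    parse_pbm_uri "$1" || return 2
    printf '%s\n' "${uri_src:-${uri_db:-admin}}"
}

# Prints "ok" or the findings; exit status is non-zero when there are findings.
pbm_check_uri() {
    parse_pbm_uri "$1" || { echo "not-a-mongodb-uri"; return 2; }
    findings=''
    if [ -n "$uri_db" ]; then findings="defaultauthdb-set:$uri_db"; fi
    if [ -z "$uri_src" ]; then findings="${findings:+$findings }authSource-missing"; fi
    printf '%s\n' "${findings:-ok}"
    [ -z "$findings" ]
}

# Constructed sample URIs; each is printed without its credentials.
for u in \
    "mongodb://pbmuser:secretpwd@localhost:27017/?authSource=admin" \
    "mongodb://pbmuser:secretpwd@localhost:27017/reports" \
    "mongodb://pbmuser:secretpwd@mongocsvr1:27017,mongocsvr2:27017/?replicaSet=configrs"
do
    printf '%s -> %s\n' "${u#*@}" "$(pbm_check_uri "$u")"
done
```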

    The MongoDB Connection URI specification includes several non-default options you may need to use. For example, the TLS certificates/keys needed to connect to a cluster or non-sharded replica set with network encryption enabled are “tls=true” plus “tlsCAFile” and/or “tlsCertificateKeyFile” (see tls options).

    Last update: March 29, 2023
    Created: March 29, 2023
    Percona LLC and/or its affiliates, © 2023