Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Graylog cannot authenticate on MongoDB if password contains the sign + #5680

frantz45 opened this issue Feb 13, 2019 · 3 comments

Graylog cannot authenticate on MongoDB if password contains the sign + #5680

frantz45 opened this issue Feb 13, 2019 · 3 comments


Copy link

@frantz45 frantz45 commented Feb 13, 2019

Expected Behavior

Graylog should authenticate on MongoDB

Current Behavior

Graylog does not authenticate on MongoDB

Possible Solution

Choose a password without the sign +

Steps to Reproduce (for bugs)

  1. Enable authentication on MongoDB
  2. Restart MongoDB service
  3. Create a MongoDB user with the sign + in the password
  4. Configure mongodb_uri = mongodb://grayloguser:secret+@localhost:27017/graylog
  5. Restart Graylog
  6. Graylog's logs (server.log) say "Authentication failed on MongoDB error code 18"
  7. Try to connect to MongoDB from bash with the same mongodb_uri and it works:
    mongo mongodb://grayloguser:secret+@localhost:27017/graylog

MongoDB doc does not say the sign + needs to be encoded:
If the username or password includes the at sign @, colon :, slash /, or the percent sign % character, use percent encoding.


Puppet automatically chooses a password for the graylog MongoDB user. + was in the charset used.

Your Environment

  • Graylog Version: 2.4.6
  • Elasticsearch Version: 5.6
  • MongoDB Version: 3.6.6
  • Operating System: CentOS 7
  • Browser version: Firefox ESR
Copy link

@mariussturm mariussturm commented Feb 28, 2019

Hi @frantz45,
thanks for the report! This is a bug in the mongodb library version we use for 3.0. The issue was already fixed upstream here: mongodb/mongo-java-driver@4a44f05
I have created a PR to get this into Graylog 3.0.1 #5736

@mariussturm mariussturm self-assigned this Feb 28, 2019
Copy link

@mariussturm mariussturm commented Mar 12, 2019

@frantz45 unfortunately we can't jump easily to a more recent mongo-java-driver version. For now the user needs to escape plus signs by hand with this string: %2B.

We will add this to the examples in the default configuration.

Copy link

@bernd bernd commented Mar 26, 2019

Since we have a (documented #5795) workaround now, I will close this ticket. The underlying issue is not fixed, but will be fixed once we update the MongoDB driver.

@bernd bernd closed this Mar 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants