##-------------------------------------------------------------------- ## MongoDB Auth/ACL Plugin ##-------------------------------------------------------------------- ## MongoDB Topology Type. ## ## Value: single | unknown | sharded | rs auth.mongo.type = single ## The set name if type is rs. ## ## Value: String ## auth.mongo.rs_set_name = ## MongoDB server list. ## ## Value: String ## ## Examples: 127.0.0.1:27017,127.0.0.2:27017... auth.mongo.server = 127.0.0.1:27017 ## MongoDB pool size ## ## Value: Number auth.mongo.pool = 8 ## MongoDB login user. ## ## Value: String # auth.mongo.username = ## MongoDB password. ## ## Value: String ## auth.mongo.password = ## MongoDB AuthSource ## ## Value: String ## Default: mqtt ## auth.mongo.auth_source = admin ## MongoDB database ## ## Value: String auth.mongo.database = mqtt ## MongoDB query timeout ## ## Value: Duration ## auth.mongo.query_timeout = 5s ## Whether to enable SSL connection. ## ## Value: on | off ## auth.mongo.ssl = off ## SSL keyfile. ## ## Value: File ## auth.mongo.ssl.keyfile = ## SSL certfile. ## ## Value: File ## auth.mongo.ssl.certfile = ## SSL cacertfile. ## ## Value: File ## auth.mongo.ssl.cacertfile = ## MongoDB write mode. ## ## Value: unsafe | safe ## auth.mongo.w_mode = ## Mongo read mode. ## ## Value: master | slave_ok ## auth.mongo.r_mode = ## MongoDB topology options. auth.mongo.topology.pool_size = 1 auth.mongo.topology.max_overflow = 0 ## auth.mongo.topology.overflow_ttl = 1000 ## auth.mongo.topology.overflow_check_period = 1000 ## auth.mongo.topology.local_threshold_ms = 1000 ## auth.mongo.topology.connect_timeout_ms = 20000 ## auth.mongo.topology.socket_timeout_ms = 100 ## auth.mongo.topology.server_selection_timeout_ms = 30000 ## auth.mongo.topology.wait_queue_timeout_ms = 1000 ## auth.mongo.topology.heartbeat_frequency_ms = 10000 ## auth.mongo.topology.min_heartbeat_frequency_ms = 1000 ## ------------------------------------------------- ## Auth Query ## ------------------------------------------------- ## Password hash. ## ## Value: plain | md5 | sha | sha256 | bcrypt auth.mongo.auth_query.password_hash = sha256 ## sha256 with salt suffix ## auth.mongo.auth_query.password_hash = sha256,salt ## sha256 with salt prefix ## auth.mongo.auth_query.password_hash = salt,sha256 ## bcrypt with salt prefix ## auth.mongo.auth_query.password_hash = salt,bcrypt ## pbkdf2 with macfun iterations dklen ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512 ## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20 ## Authentication query. auth.mongo.auth_query.collection = mqtt_user ## Password mainly fields ## ## Value: password | password,salt auth.mongo.auth_query.password_field = password ## Authentication Selector. ## ## Variables: ## - %u: username ## - %c: clientid ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert ## ## auth.mongo.auth_query.selector = {Field}={Placeholder} auth.mongo.auth_query.selector = username=%u ## ------------------------------------------------- ## Super User Query ## ------------------------------------------------- auth.mongo.super_query.collection = mqtt_user auth.mongo.super_query.super_field = is_superuser #auth.mongo.super_query.selector = username=%u, clientid=%c auth.mongo.super_query.selector = username=%u ## ACL Selector. ## ## Multiple selectors could be combined with '$or' ## when query acl from mongo. ## ## e.g. ## ## With following 2 selectors configured: ## ## auth.mongo.acl_query.selector.1 = username=%u ## auth.mongo.acl_query.selector.2 = username=$all ## ## And if a client connected using username 'ilyas', ## then the following mongo command will be used to ## retrieve acl entries: ## ## db.mqtt_acl.find({$or: [{username: "ilyas"}, {username: "$all"}]}); ## ## Variables: ## - %u: username ## - %c: clientid ## ## Examples: ## ## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c ## auth.mongo.acl_query.selector.2 = username=$all ## auth.mongo.acl_query.selector.3 = clientid=$all auth.mongo.acl_query.collection = mqtt_acl auth.mongo.acl_query.selector = username=%u