173 lines
4.1 KiB
Plaintext
173 lines
4.1 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## MongoDB Auth/ACL Plugin
|
|
##--------------------------------------------------------------------
|
|
|
|
## MongoDB Topology Type.
|
|
##
|
|
## Value: single | unknown | sharded | rs
|
|
auth.mongo.type = single
|
|
|
|
## The set name if type is rs.
|
|
##
|
|
## Value: String
|
|
## auth.mongo.rs_set_name =
|
|
|
|
## MongoDB server list.
|
|
##
|
|
## Value: String
|
|
##
|
|
## Examples: 127.0.0.1:27017,127.0.0.2:27017...
|
|
auth.mongo.server = 127.0.0.1:27017
|
|
|
|
## MongoDB pool size
|
|
##
|
|
## Value: Number
|
|
auth.mongo.pool = 8
|
|
|
|
## MongoDB login user.
|
|
##
|
|
## Value: String
|
|
## auth.mongo.login =
|
|
|
|
## MongoDB password.
|
|
##
|
|
## Value: String
|
|
## auth.mongo.password =
|
|
|
|
## MongoDB AuthSource
|
|
##
|
|
## Value: String
|
|
## Default: mqtt
|
|
## auth.mongo.auth_source = admin
|
|
|
|
## MongoDB database
|
|
##
|
|
## Value: String
|
|
auth.mongo.database = mqtt
|
|
|
|
## MongoDB query timeout
|
|
##
|
|
## Value: Duration
|
|
## auth.mongo.query_timeout = 5s
|
|
|
|
## Whether to enable SSL connection.
|
|
##
|
|
## Value: true | false
|
|
## auth.mongo.ssl = false
|
|
|
|
## SSL keyfile.
|
|
##
|
|
## Value: File
|
|
## auth.mongo.ssl_opts.keyfile =
|
|
|
|
## SSL certfile.
|
|
##
|
|
## Value: File
|
|
## auth.mongo.ssl_opts.certfile =
|
|
|
|
## SSL cacertfile.
|
|
##
|
|
## Value: File
|
|
## auth.mongo.ssl_opts.cacertfile =
|
|
|
|
## MongoDB write mode.
|
|
##
|
|
## Value: unsafe | safe
|
|
## auth.mongo.w_mode =
|
|
|
|
## Mongo read mode.
|
|
##
|
|
## Value: master | slave_ok
|
|
## auth.mongo.r_mode =
|
|
|
|
## MongoDB topology options.
|
|
auth.mongo.topology.pool_size = 1
|
|
auth.mongo.topology.max_overflow = 0
|
|
## auth.mongo.topology.overflow_ttl = 1000
|
|
## auth.mongo.topology.overflow_check_period = 1000
|
|
## auth.mongo.topology.local_threshold_ms = 1000
|
|
## auth.mongo.topology.connect_timeout_ms = 20000
|
|
## auth.mongo.topology.socket_timeout_ms = 100
|
|
## auth.mongo.topology.server_selection_timeout_ms = 30000
|
|
## auth.mongo.topology.wait_queue_timeout_ms = 1000
|
|
## auth.mongo.topology.heartbeat_frequency_ms = 10000
|
|
## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
|
|
|
|
## -------------------------------------------------
|
|
## Auth Query
|
|
## -------------------------------------------------
|
|
## Password hash.
|
|
##
|
|
## Value: plain | md5 | sha | sha256 | bcrypt
|
|
auth.mongo.auth_query.password_hash = sha256
|
|
|
|
## sha256 with salt suffix
|
|
## auth.mongo.auth_query.password_hash = sha256,salt
|
|
|
|
## sha256 with salt prefix
|
|
## auth.mongo.auth_query.password_hash = salt,sha256
|
|
|
|
## bcrypt with salt prefix
|
|
## auth.mongo.auth_query.password_hash = salt,bcrypt
|
|
|
|
## pbkdf2 with macfun iterations dklen
|
|
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
|
|
## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
|
|
|
|
## Authentication query.
|
|
auth.mongo.auth_query.collection = mqtt_user
|
|
|
|
## Password mainly fields
|
|
##
|
|
## Value: password | password,salt
|
|
auth.mongo.auth_query.password_field = password
|
|
|
|
## Authentication Selector.
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
## auth.mongo.auth_query.selector = {Field}={Placeholder}
|
|
auth.mongo.auth_query.selector = username=%u
|
|
|
|
## -------------------------------------------------
|
|
## Super User Query
|
|
## -------------------------------------------------
|
|
auth.mongo.super_query.collection = mqtt_user
|
|
auth.mongo.super_query.super_field = is_superuser
|
|
#auth.mongo.super_query.selector = username=%u, clientid=%c
|
|
auth.mongo.super_query.selector = username=%u
|
|
|
|
## ACL Selector.
|
|
##
|
|
## Multiple selectors could be combined with '$or'
|
|
## when query acl from mongo.
|
|
##
|
|
## e.g.
|
|
##
|
|
## With following 2 selectors configured:
|
|
##
|
|
## auth.mongo.acl_query.selector.1 = username=%u
|
|
## auth.mongo.acl_query.selector.2 = username=$all
|
|
##
|
|
## And if a client connected using username 'ilyas',
|
|
## then the following mongo command will be used to
|
|
## retrieve acl entries:
|
|
##
|
|
## db.mqtt_acl.find({$or: [{username: "ilyas"}, {username: "$all"}]});
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
##
|
|
## Examples:
|
|
##
|
|
## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
|
|
## auth.mongo.acl_query.selector.2 = username=$all
|
|
## auth.mongo.acl_query.selector.3 = clientid=$all
|
|
auth.mongo.acl_query.collection = mqtt_acl
|
|
auth.mongo.acl_query.selector = username=%u
|