Extra “Sametime V12 MongoDB roles” in a highly secured Mongo environment

When following the standard procedure for installing LDAP, MongoDB and Sametime V12. You may discover that the Sametime database user does not have enough rights.

The procedure tells us that the following command for creating an user and roles should be enough:

db.createUser({user: "sametimeUser", pwd: "sametime", roles:[{role:"readWrite",
db:"chatlogging"},{ role:"readWrite", db:"mobileOffline"},{ role:"readWrite",
db:"meeting"},{role:"dbAdmin", db:"meeting"},{role:"userAdminAnyDatabase",
db:"admin"}]})

Because there was no warning or error at this point we finished the installtion and started Sametime V12, I discovered that we couldn’t login into Sametime. Even when LDAP works correctly and tells us “BIND SUCCESSFULL” in the Sametime Community log.

What we did found in the logs where these lines:

install-community-1 | stserver 2022-06-28 09:04:20.016 FINEST 67 --- 139866886377792 : Element login failed: eType=14c3, eId=6e1aea48 0ac150005, uId=CN=ST-User1,O=ORG, reason=80000214
install-community-1 | stserver 2022-06-28 09:04:20.016 FINEST 67 --- 139866886377792 : In SvElementEntry destructor, this = 0x0x1c28160
install-community-1 | stlogger 2022-06-28 09:04:20.016 FINEST 73 --- 140346499958592 : Got message: len=50, type=4
install-community-1 | stlogger 2022-06-28 09:04:20.016 FINEST 73 --- 140346499958592 : Got SEND_ON_CHANNEL message. chId=3, msgType=66, dataLen=24
install-community-1 | stlogger 2022-06-28 09:04:20.016 FINEST 73 --- 140346499958592 : received login failure event
install-community-1 | stlogger 2022-06-28 09:04:20.016 FINEST 73 --- 140346499958592 : handling login failure event
install-community-1 | stlogger 2022-06-28 09:04:20.016 FINEST 73 --- 140346499958592 : writing log entry for login failure event
install-community-1 | stlogger 2022-06-28 09:04:20.017 INFO 73 --- 140346499958592 : Loading STLogResource library: [/local/notesdata/stlogresources.res],
install-community-1 | stlogger 2022-06-28 09:04:20.017 INFO 73 --- 140346499958592 : Successfully loaded resource dll. [/local/notesdata/stlogresources.res],
install-community-1 | stlogger 2022-06-28 09:04:20.017 FINEST 73 --- 140346499958592 : getAppTypeString Warning application code [5315] was not found in clientappnames.dat
install-community-1 | stlogger 2022-06-28 09:04:20.017 FINEST 73 --- 140346499958592 : writing line in log file for login failure event
install-community-1 | stlog 2022-06-28 09:04:20.017 INFO 73 --- 140346499958592 : LoginFailed userName=CN=ST-User1,O=ORG organization= IP=10.0.10.10 app=(0x14c3)(5315) reason=(0x80000214)
install-community-1 | stlogger 2022-06-28 09:04:20.017 FINEST 73 --- 140346499958592 : finished handling login failure event

I raised a case at HCL in order to get some help, because we thought it was a LDAP or clientappnames.dat issue in Docker. But after some investigation HCL discovered that the verbose logging pointed out to MongoDB. When we checked another perfect running Sametime V12 instance with a local database ( on the same server ), we noticed 2 more databases: userinfo and privacy

HCL came with the solution to add 2 more roles for the Sametime user:

> use admin
> db.grantRolesToUser( "sametimeUser", [ {role:"readWrite", db:"privacy"}])
> db.grantRolesToUser( "sametimeUser", [ {role:"readWrite", db:"userinfo"}])

After restarting the Docker containers, Sametime was up and running and we could logon.

Visits: 607