Docs Home → MongoDB Ops Manager
Configure MongoDB Agent for LDAP
If your MongoDB deployment enforces access control, the MongoDB Agent must authenticate to MongoDB as a user with the proper access. If you use Automation, Ops Manager takes care of this for you.
MongoDB Enterprise supports simple and SASL binding to LDAP servers
via saslauthd
and operating system libraries:
MongoDB Enterprise for Linux can bind to an LDAP server either via
saslauthd
or via operating system libraries.MongoDB Enterprise for Windows can bind to an LDAP server via the operating system libraries.
MongoDB Agent support authenticating to MongoDB instances using LDAP.
Note
With Automation, Ops Manager manages MongoDB Agent authentication for you. To learn more about authentication, see Enable LDAP Authentication for your Ops Manager Project.
Prerequisites
Configure Deployments to Use Authentication
The MongoDB Agent interacts with the MongoDB databases in your deployment as a MongoDB user would. As a result, you must configure your MongoDB deployment and the MongoDB Agent to support authentication.
You can specify the deployment's authentication mechanisms when adding the deployment, or you can edit the settings for an existing deployment. At minimum, the deployment must enable the authentication mechanism you want the MongoDB Agent to use. The MongoDB Agent can use any supported authentication mechanism.
Set Require TLS Certificate Environment Variable
On the MongoDB Agent hosts, you must set the
TLS_REQCERT
environment variable to demand
.
Example
In a Red Hat Enterprise Linux host, open the
/etc/openldap/ldap.conf
file and add the following setting and
value:
TLS_REQCERT demand
You can use your application to set this environment variable.
Considerations
If Automation does not manage your deployment, you must configure LDAP authentication separately for each function.
To configure LDAP authentication, add a host or edit an existing host's configuration.