Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Configure Backup Agent for LDAP Authentication

Overview

If your MongoDB deployment enforces access control, the Backup Agent must authenticate to MongoDB as a user with the proper access.

Starting in version 2.6, MongoDB Enterprise provides an LDAP (plain) authentication mechanism that allows clients to authenticate to MongoDB deployments using LDAP. Backup Agents support authenticating to MongoDB instances using LDAP.

If your MongoDB deployment uses LDAP to authenticate users, to authenticate the Backup Agent, create a user in the $external database with the appropriate roles in MongoDB.

Considerations

You must configure LDAP authentication separately for the Backup Agent and for the Monitoring Agent.

You can configure LDAP authentication when activating backup or later by editing the backup configuration.

Prerequisites

There are additional authentication configuration requirements for Ops Manager Backup when using MongoDB 2.4 with authentication. See Required Access for Backup Agent for more information.

Create User in MongoDB

To monitor MongoDB 2.6 instances that are using LDAP authentication, add a user to the $external database in MongoDB with the appropriate roles. The $external database allows mongod to consult an external source (e.g. LDAP) to authenticate.

MongoDB 3.0 or later

db.getSiblingDB("$external").createUser(
    {
      user : "<username>",
      roles: [ { role: "backup", db: "admin" } ]
    }
)

MongoDB 2.6

db.getSiblingDB("$external").createUser(
   {
     user: "<username>",
     roles: [
        "clusterAdmin",
        "readAnyDatabase",
        "userAdminAnyDatabase",
        { role: "readWrite", db: "admin" },
        { role: "readWrite", db: "local" },
     ]
   }
)

See Access Control for MongoDB 2.6 for more information on the required access.

Host Settings

In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.