- Reference >
- Backup Agent >
- Configure Backup Agent for Access Control >
- Configure Backup Agent for LDAP Authentication
Configure Backup Agent for LDAP Authentication¶
Overview¶
If your MongoDB deployment enforces access control, the Backup Agent must authenticate to MongoDB as a user with the proper access.
Starting in version 2.6, MongoDB Enterprise provides an LDAP (plain) authentication mechanism that allows clients to authenticate to MongoDB deployments using LDAP. Backup Agents support authenticating to MongoDB instances using LDAP.
If your MongoDB deployment uses LDAP to authenticate users, to
authenticate the Backup Agent, create a user in the $external
database with the appropriate roles in MongoDB.
Considerations¶
You must configure LDAP authentication separately for the Backup Agent and for the Monitoring Agent.
You can configure LDAP authentication when activating backup or later by editing the backup configuration.
Prerequisites¶
There are additional authentication configuration requirements for Ops Manager Backup when using MongoDB 2.4 with authentication. See Required Access for Backup Agent for more information.
Create User in MongoDB¶
To monitor MongoDB 2.6 instances that are using LDAP authentication,
add a user to the $external
database in MongoDB with the
appropriate roles. The $external
database allows mongod
to consult an external source (e.g. LDAP) to authenticate.
MongoDB 3.0 or later¶
MongoDB 2.6¶
See Access Control for MongoDB 2.6 for more information on the required access.
Host Settings¶
In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.