- Reference >
- Monitoring Agent >
- Configure Monitoring Agent for Access Control >
- Configure Monitoring Agent for LDAP
Configure Monitoring Agent for LDAP¶
Overview¶
If your MongoDB deployment enforces access control, the Monitoring Agent must authenticate to MongoDB as a user with the proper access.
LDAP is a standard protocol for accessing user credential data. Starting in version 2.6, MongoDB Enterprise provides an LDAP (plain) authentication mechanism that allows clients to authenticate to MongoDB deployments using LDAP. Monitoring Agents support authenticating to MongoDB instances using LDAP.
If your MongoDB deployment uses LDAP to authenticate users, to
authenticate the Monitoring Agent, create a user in the $external
database with the appropriate roles in MongoDB.
Considerations¶
You must configure LDAP authentication separately for the Monitoring Agent and for the Backup Agent.
You can configure LDAP authentication when adding a host or later by editing the host.
Prerequisites¶
There are additional authentication configuration requirements for Ops Manager Monitoring when using MongoDB 2.4 with authentication. See Required Access for Monitoring Agent for more information.
Create User in MongoDB¶
To monitor MongoDB 2.6 instances that are using LDAP authentication,
add a user to the $external
database in MongoDB with the
appropriate roles. The $external
database allows mongod
to consult an external source (e.g. LDAP) to authenticate.
See Access Control for MongoDB 2.6 for more information on the required access.
Host Settings¶
In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.