This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.

Enable LDAP Authentication for your Ops Manager Group

Ops Manager enables you to configure the Authentication Mechanisms that the Ops Manager Agents use to connect to your MongoDB deployments from within the Ops Manager interface. You can enable multiple authentication mechanisms for your group, but you must choose a single mechanism for the Agents to use to authenticate to your deployment.

MongoDB Enterprise provides support for proxy authentication of users. This allows administrators to configure a MongoDB cluster to authenticate users by proxying authentication requests to a specified Lightweight Directory Access Protocol (LDAP) service.

LDAP (Plain) is only available on MongoDB Enterprise builds. If you have existing deployments running on a MongoDB Community build, you must upgrade them to MongoDB Enterprise before you can enable LDAP (Plain) for your Ops Manager group.

Considerations

MongoDB Enterprise for Windows does not include LDAP support for authentication. However, MongoDB Enterprise for Linux supports using LDAP authentication with an ActiveDirectory server.

MongoDB does not support LDAP authentication in mixed sharded cluster deployments that contain both version 2.4 and version 2.6 shards.

The Authenticate Using SASL and LDAP with ActiveDirectory and Authenticate Using SASL and LDAP with OpenLDAP tutorials in the MongoDB manual provide more information about setting up LDAP and SASL for MongoDB. Setting up LDAP and SASL is beyond the scope of this document.

Procedure

This procedure describes how to configure and enable LDAP authentication when using Automation. If your Monitoring or Backup agents are not managed by Ops Manager, you must manually configure them to use LDAP. See: Configure Monitoring Agent for LDAP and Configure Backup Agent for LDAP Authentication for instructions.

If at any point you wish to reset the authentication settings for your group and start again, you can use the Clear Settings button in the Authentication & SSL Settings window to clear all authentication and security settings, automation users, and automation roles. You cannot clear the authentication and security settings if there are managed processes in your deployment. See: Clear Security Settings for more information.

1. Select the Deployment tab and then the Deployment page.

2. Click the Ellipsis icon at the top of the page, and select Authentication & SSL Settings.

3. Select LDAP (PLAIN) and click Continue.

4. Configure SSL if desired, and click Continue.

   If desired, enable SSL for the group. See: Enable SSL for a Deployment for SSL setup instructions.

   SSL is not required for use with LDAP (PLAIN) authentication.

5. Select the Agent Auth Mechanism and configure the Ops Manager Agents.

   If you enable more than one authentication mechanism, you must specify which authentication mechanism the Ops Manager agents should use to connect to your deployment. Choose LDAP (PLAIN).

   Provide the LDAP Username and Password that each Agent should use to connect to the deployment.

   You do not need to configure all of the agents: for example, if you are not using Backup, you do not need to configure the Backup agent.

6. Click Save.

7. Click Review & Deploy.

8. Click Confirm & Deploy.

To view deployment progress, click View Agent Logs and select an agent at the top of the Agent Logs page. To check for updated entries, refresh the page.

If you diagnose an error and need to correct the deployment configuration, click Edit Configuration and then click Edit Configuration again. Then, reconfigure the deployment as needed.

When you complete your changes, click Review & Deploy and then Confirm & Deploy again.
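
Step 4 notes that SSL is optional with LDAP (PLAIN). The following added example (not part of the Ops Manager documentation) builds and parses the SASL PLAIN client message defined in RFC 4616, showing that the agent's LDAP username and password travel as unhashed bytes, so enabling SSL is what protects them in transit. The account name and password are constructed sample values.

```python
"""SASL PLAIN (RFC 4616) client message: [authzid] NUL authcid NUL passwd."""


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> bytes:
    """Build the message a client sends when it authenticates with PLAIN."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a field")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    # No hashing and no challenge-response: the fields are simply joined.
    return "\x00".join((authzid, authcid, passwd)).encode("utf-8")


def parse_plain(message: bytes) -> dict:
    """Split a PLAIN message into its fields, rejecting malformed input."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    # Invalid UTF-8 raises UnicodeDecodeError, a subclass of ValueError.
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


if __name__ == "__main__":
    # Constructed sample credentials, standing in for the agent's LDAP account.
    message = encode_plain("mms-agent@example.test", "constructed-pass")
    print("bytes on the connection:", message)
    print("fields recovered by any reader of those bytes:", parse_plain(message))
```

Without SSL, these bytes are what crosses the network between the agent and the deployment. With SSL enabled, the same message is sent inside the encrypted session.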