- Reference >
- Backup Agent >
- Configure Backup Agent for Access Control >
- Configure Backup Agent for LDAP Authentication
Configure Backup Agent for LDAP Authentication¶
On this page
If your MongoDB deployment enforces access control, the Backup Agent must authenticate to MongoDB as a user with the proper access.
Starting with version 2.6, MongoDB Enterprise for Linux provides support for proxy authentication of users. This allows administrators to configure a MongoDB cluster to authenticate users by proxying authentication requests to a specified Lightweight Directory Access Protocol (LDAP) service. Backup Agents support authenticating to MongoDB instances using LDAP.
MongoDB Enterprise for Windows does not include LDAP support for authentication.
If your MongoDB deployment uses LDAP to authenticate users, to
authenticate the Backup Agent, create a user in the $external
database with the appropriate roles in MongoDB.
Note
In Ops Manager 1.8 and later, Ops Manager can manage agent authentication for you if you use Automation to manage the agents. With Automation, Ops Manager creates the users for each agent and configures the agent appropriately. See: Enable LDAP Authentication for your Ops Manager Group for more information.
Considerations¶
You must configure LDAP authentication separately for each agent. See Configure Monitoring Agent for LDAP for configuration instructions for the Monitoring Agent.
You can configure LDAP authentication when activating backup or by editing the an existing host’s configuration. Enable LDAP Authentication for your Ops Manager Group for instructions.
There are additional authentication configuration requirements for Ops Manager Backup when using MongoDB 2.4 with authentication. See Required Access for Backup Agent for more information.
Procedures¶
Create User in MongoDB¶
To back up MongoDB 2.6+ instances that are using LDAP authentication,
add a user that possess the required roles to the $external
database
in MongoDB. The $external
database allows mongod to
consult an external source, such as an LDAP server, to authenticate.
Use the following commands to create the users from a mongo shell connected to your MongoDB deployment:
MongoDB 3.0 or later¶
MongoDB 2.6¶
See Required Access for Backup Agent for more information on the required access.
Host Settings¶
In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.