Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Enable LDAP Authentication for your Ops Manager Group

On this page

Ops Manager enables you to configure the Authentication Mechanisms that the Ops Manager Agents use to connect to your MongoDB deployments from within the Ops Manager interface. You can enable multiple authentication mechanisms for your group, but you must choose a single mechanism for the Agents to use to authenticate to your deployment.

MongoDB Enterprise provides support for proxy authentication of users. This allows administrators to configure a MongoDB cluster to authenticate users by proxying authentication requests to a specified Lightweight Directory Access Protocol (LDAP) service.

LDAP (Plain) is only available on MongoDB Enterprise builds. If you have existing deployments running on a MongoDB Community build, you must upgrade them to MongoDB Enterprise before you can enable LDAP (Plain) for your Ops Manager group.

Considerations

MongoDB Enterprise for Windows does not include LDAP support for authentication. However, MongoDB Enterprise for Linux supports using LDAP authentication with an ActiveDirectory server.

MongoDB does not support LDAP authentication in mixed sharded cluster deployments that contain both version 2.4 and version 2.6 shards.

The Authenticate Using SASL and LDAP with ActiveDirectory and Authenticate Using SASL and LDAP with OpenLDAP tutorials in the MongoDB manual provide more information about setting up LDAP and SASL for MongoDB. Setting up LDAP and SASL is beyond the scope of this document.

Procedure

This procedure describes how to configure and enable LDAP authentication when using Automation. If your Monitoring or Backup agents are not managed by Ops Manager, you must manually configure them to use LDAP. See: Configure Monitoring Agent for LDAP and Configure Backup Agent for LDAP Authentication for instructions.

Note

If Ops Manager is not managing any MongoDB deployment, you can reset Authentication and SSL settings for your group.

To remove all authentication and security settings as well as the users and roles you created using Ops Manager, click Clear Settings in the Authentication & SSL Settings dialog box .

See Clear Security Settings for more information.

To unmanage MongoDB deployments, see Remove a Process from Management or Monitoring.

1

Click the Deployment tab, then click the Deployment page.

2
3

Check LDAP (PLAIN), then click Next.

4

Configure SSL if desired, and click Continue.

If desired, enable SSL for the group.

Note

See Enable SSL for a Deployment for SSL setup instructions.

SSL is not required for use with LDAP (PLAIN) authentication.

5

Configure the Authentication Mechanism for the Agents.

If you enable more than one authentication mechanism, you must specify which one of the authentication mechanisms the Ops Manager agents should use to connect to your deployment.

  1. Select LDAP (PLAIN) from the Agent Auth Mechanism drop-down menu.

  2. For each Agent, provide:

    Setting Value
    <Agent> LDAP Username Enter the LDAP username.
    <Agent> LDAP Password Enter the password for Agent’s LDAP Username.

  3. Click Save.

You do not need to configure all of the agents, only the ones you installed.

Example

If you did not install the Backup agent, you do not need to configure the Backup agent.

6

Click Review & Deploy to review your changes.

7

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If they are acceptable, click Confirm & Deploy.
  2. If they are unacceptable, click Cancel and you can make additional changes.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.