Get Current LDAP Configuration¶

Gets the current LDAP over TLS/SSL configuration details for a Atlas project.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

https://cloud.mongodb.com/api/atlas/v1.0

Syntax¶

GET /groups/{GROUP-ID}/userSecurity

Request Path Parameters¶

Parameter	Required/Optional	Description
`GROUP-ID`	Required	Identifier for the Atlas project associated with the LDAP over TLS/SSL configuration.

Request Query Parameters¶

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

Name

Type

Necessity

Description

Default

pretty

boolean

Optional

Flag indicating whether the response body should be in a prettyprint format.

false

envelope

boolean

Optional

Flag indicating if Atlas should wrap the response in a JSON envelope.

This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:


status	HTTP response code
envelope	Expected response body

false

Request Body Parameters¶

This endpoint does not use HTTP request body parameters.

Response Elements¶

Name	Type	Description
`ldap`	document	Specifies the LDAP over TLS/SSL configuration details for an Atlas group.
`ldap.authenticationEnabled`	boolean	Specifies whether user authentication with LDAP is enabled.
`ldap.authorizationEnabled`	boolean	Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.
`ldap.hostname`	string	The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.
`ldap.port`	integer	The port to which the LDAP server listens for client connections.
`ldap.bindUsername`	string	The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as `CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com`.
`ldap.userToDNMapping`	document array	The user to Distinguished Name (DN) mapping used to transform an LDAP username into an LDAP Distinguished Name.
`ldap.userToDNMapping[i].match`	string	The regular expression used to match against the provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the `substitution` or `ldapQuery` template.
`ldap.userToDNMapping[i].substitution`	string	The LDAP Distinguished Name (DN) formatting template that converts the LDAP username matched by the `match` regular expression into an LDAP Distinguished Name.
`ldap.userToDNMapping[i].ldapQuery`	string	The LDAP query formatting template that inserts the LDAP username matched by the `match` regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516.
`caCertificate`	object	CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.
`authzQueryTemplate`	string	The LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with `hostname`. The formatting for the query must conform to RFC4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: `{USER}?memberOf?base`.

Example Request¶

The following example returns the current LDAP over TLS/SSL configuration for the specified Atlas project:

curl -X GET -i -u "fred@example.com:457026b5-07a6-40a9-9706-ae0b374e775g" -H "Content-Type: application/json" \
   --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity?pretty=true"

Example Response¶

The following example shows the JSON document returned:

{
  "ldap" : {
    "authenticationEnabled" : true,
    "authorizationEnabled" : true,
    "authzQueryTemplate" : "{USER}?memberOf?base",
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636,
    "userToDNMapping" : [ {
      "match" : "(.*)",
      "substitution" : "CN={0},CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"
    } ]
  }
}

Give Feedback

← Save One LDAP Configuration Delete an LDAP userToDNMapping →