
Get Current LDAP Configuration

Gets the current LDAP over TLS/SSL configuration details for an Atlas project.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

https://cloud.mongodb.com/api/atlas/v1.0

GET /groups/{GROUP-ID}/userSecurity
| Parameter | Required/Optional | Description |
|---|---|---|
| GROUP-ID | Required | Identifier for the Atlas project associated with the LDAP over TLS/SSL configuration. |

The following query parameters are optional:

| Query Parameter | Type | Description | Default |
|---|---|---|---|
| pretty | boolean | Displays response in a prettyprint format. | false |
| envelope | boolean | Specifies whether or not to wrap the response in an envelope. | false |

This endpoint does not use HTTP request body parameters.

| Name | Type | Description |
|---|---|---|
| ldap | document | Specifies the LDAP over TLS/SSL configuration details for an Atlas group. |
| ldap.authenticationEnabled | boolean | Specifies whether user authentication with LDAP is enabled. |
| ldap.authorizationEnabled | boolean | Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP. |
| ldap.hostname | string | The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. |
| ldap.port | integer | The port to which the LDAP server listens for client connections. |
| ldap.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. |
| ldap.userToDNMapping | document array | The user to Distinguished Name (DN) mapping used to transform an LDAP username into an LDAP Distinguished Name. |
| ldap.userToDNMapping[i].match | string | The regular expression used to match against the provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldapQuery template. |
| ldap.userToDNMapping[i].substitution | string | The LDAP Distinguished Name (DN) formatting template that converts the LDAP username matched by the match regular expression into an LDAP Distinguished Name. |
| ldap.userToDNMapping[i].ldapQuery | string | The LDAP query formatting template that inserts the LDAP username matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. |
| caCertificate | object | CA certificate used to verify the identity of the LDAP server. Self-signed certificates are allowed. |
| authzQueryTemplate | string | The LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC 4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base. |

The following example returns the current LDAP over TLS/SSL configuration for the specified Atlas project:

curl -X GET -i -u "fred@example.com:457026b5-07a6-40a9-9706-ae0b374e775g" -H "Content-Type: application/json" \
--digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity?pretty=true"

The following example shows the JSON document returned:

{
  "ldap" : {
    "authenticationEnabled" : true,
    "authorizationEnabled" : true,
    "authzQueryTemplate" : "{USER}?memberOf?base",
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636,
    "userToDNMapping" : [ {
      "match" : "(.*)",
      "substitution" : "CN={0},CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"
    } ]
  }
}
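
The following Python example is added here and is not part of the Atlas documentation. It reviews a userSecurity response against the constraints in the response table (authorization requires authentication, the authorization query uses {USER}, every template placeholder has a capture group) and applies a substitution mapping to a username. The function names are hypothetical, and it assumes Python's re dialect and whole-username matching, which may differ from the server's behavior.

```python
import json
import re

# Constructed sample: the response document shown on this page.
SAMPLE = json.loads("""
{"ldap": {
  "authenticationEnabled": true,
  "authorizationEnabled": true,
  "authzQueryTemplate": "{USER}?memberOf?base",
  "bindUsername": "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
  "hostname": "atlas-ldaps-01.ldap.myteam.com",
  "port": 636,
  "userToDNMapping": [{"match": "(.*)",
    "substitution": "CN={0},CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"}]
}}
""")
PLACEHOLDER = re.compile(r"\{(\d+)\}")  # {0} refers to the first capture group

def review_ldap_config(doc):
    """Return a list of consistency findings for a userSecurity response."""
    ldap, findings = doc.get("ldap", {}), []
    if ldap.get("authorizationEnabled"):
        if not ldap.get("authenticationEnabled"):
            findings.append("authorization enabled without authentication")
        if "{USER}" not in (ldap.get("authzQueryTemplate") or "{USER}?memberOf?base"):
            findings.append("authzQueryTemplate has no {USER} placeholder")
    for i, m in enumerate(ldap.get("userToDNMapping", [])):
        templates = [m[k] for k in ("substitution", "ldapQuery") if k in m]
        if not templates:
            findings.append(f"mapping {i}: no substitution or ldapQuery template")
        try:
            groups = re.compile(m.get("match", "")).groups
        except re.error as exc:
            findings.append(f"mapping {i}: match does not compile: {exc}")
            continue
        for n in PLACEHOLDER.findall("".join(templates)):
            if int(n) >= groups:
                findings.append(f"mapping {i}: {{{n}}} has no capture group")
    return findings

def map_user_to_dn(ldap, username):
    """Apply the first matching substitution mapping; None if nothing matches."""
    for m in ldap.get("userToDNMapping", []):
        hit = re.fullmatch(m["match"], username)  # assumption: whole-name match
        if hit and "substitution" in m:  # ldapQuery needs a directory lookup
            return PLACEHOLDER.sub(
                lambda p: hit.group(int(p.group(1)) + 1) or "", m["substitution"])
    return None
```

Run review_ldap_config on a response before map_user_to_dn, since the mapping function expects every placeholder to have a capture group.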