Get Current LDAP Configuration
Gets the current LDAP over TLS/SSL configuration details for an Atlas project.
Note
Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.
Base URL: https://cloud.mongodb.com/api/atlas/v1.0
Syntax
GET /groups/{GROUP-ID}/userSecurity
Request Path Parameters
Parameter | Required/Optional | Description |
---|---|---|
GROUP-ID | Required | Identifier for the Atlas project associated with the LDAP over TLS/SSL configuration. |
Request Query Parameters
The following query parameters are optional:
Query Parameter | Type | Description | Default |
---|---|---|---|
pretty | boolean | Displays response in a prettyprint format. | false |
envelope | boolean | Specifies whether or not to wrap the response in an envelope. | false |
Request Body Parameters
This endpoint does not use HTTP request body parameters.
Response Elements
Name | Type | Description |
---|---|---|
ldap | document | Specifies the LDAP over TLS/SSL configuration details for an Atlas group. |
ldap.authenticationEnabled | boolean | Specifies whether user authentication with LDAP is enabled. |
ldap.authorizationEnabled | boolean | Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP. |
ldap.hostname | string | The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. |
ldap.port | integer | The port to which the LDAP server listens for client connections. |
ldap.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. |
ldap.userToDNMapping | document array | The user to Distinguished Name (DN) mapping used to transform an LDAP username into an LDAP Distinguished Name. |
ldap.userToDNMapping[i].match | string | The regular expression used to match against the provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldapQuery template. |
ldap.userToDNMapping[i].substitution | string | The LDAP Distinguished Name (DN) formatting template that converts the LDAP username matched by the match regular expression into an LDAP Distinguished Name. |
ldap.userToDNMapping[i].ldapQuery | string | The LDAP query formatting template that inserts the LDAP username matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. |
caCertificate | object | CA certificate used to verify the identity of the LDAP server. Self-signed certificates are allowed. |
authzQueryTemplate | string | The LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC 4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base. |
Example Request
The following example returns the current LDAP over TLS/SSL configuration for the specified Atlas project:
curl -X GET -i -u "fred@example.com:457026b5-07a6-40a9-9706-ae0b374e775g" -H "Content-Type: application/json" \
  --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity?pretty=true"
Example Response
The following example shows the JSON document returned:
{
  "ldap" : {
    "authenticationEnabled" : true,
    "authorizationEnabled" : true,
    "authzQueryTemplate" : "{USER}?memberOf?base",
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636,
    "userToDNMapping" : [ {
      "match" : "(.*)",
      "substitution" : "CN={0},CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"
    } ]
  }
}
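The following is an added example, not part of the Atlas documentation or Atlas code: it applies the userToDNMapping rules from the example response to sample usernames and reviews the returned document. It assumes Python regex semantics, full-string matching, rules tried in order, and RFC 4514 escaping of captured values; the function names and usernames are constructed for illustration.

```python
import json
import re

# The "ldap" document from the example response above (values from the page).
LDAP = json.loads("""{"ldap": {
  "authenticationEnabled": true, "authorizationEnabled": true,
  "authzQueryTemplate": "{USER}?memberOf?base",
  "bindUsername": "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
  "hostname": "atlas-ldaps-01.ldap.myteam.com", "port": 636,
  "userToDNMapping": [{"match": "(.*)",
    "substitution": "CN={0},CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"}]}}""")["ldap"]

def escape_dn_value(value):
    """Escape a captured string for use as an RFC 4514 attribute value."""
    body = re.sub(r'([,+"\\<>;])', r"\\\1", value).replace("\x00", "\\00")
    if value.endswith(" ") and len(value) > 1:
        body = body[:-1] + "\\ "          # trailing space must be escaped
    if value.startswith(("#", " ")):
        body = "\\" + body                # leading '#' or space must be escaped
    return body

def map_user_to_dn(mappings, username):
    """Apply the first rule whose match regex accepts the whole username.
    Assumptions: full-string match, rules tried in order, {n} = capture group n+1."""
    for rule in mappings:
        m = re.fullmatch(rule["match"], username)
        if m is None or "substitution" not in rule:
            continue  # ldapQuery rules need a live directory and are skipped here
        return re.sub(r"\{(\d+)\}",
                      lambda p: escape_dn_value(m.group(int(p.group(1)) + 1) or ""),
                      rule["substitution"])
    return None

def audit(ldap):
    """Return review findings for a userSecurity 'ldap' document."""
    findings = []
    if ldap.get("authorizationEnabled") and not ldap.get("authenticationEnabled"):
        findings.append("authorization enabled without authentication")
    for i, rule in enumerate(ldap.get("userToDNMapping", [])):
        if rule["match"] in ("(.*)", "(.+)"):
            findings.append(f"userToDNMapping[{i}] match {rule['match']} accepts any username")
    return findings

if __name__ == "__main__":
    for name in ("jdoe", "doe, jane"):    # constructed usernames
        print(name, "->", map_user_to_dn(LDAP["userToDNMapping"], name))
    print(audit(LDAP))
```

A username containing a comma shows why the captured value is escaped before it is placed in the substitution template: unescaped, it would add an extra RDN to the resulting DN.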