Delete an LDAP userToDNMapping

Removes the current userToDNMapping from the LDAP configuration for an Atlas project. A userToDNMapping maps the username provided to a mongod or mongos process for authentication to an LDAP Distinguished Name (DN).

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

https://cloud.mongodb.com/api/atlas/v1.0

DELETE /groups/{GROUP-ID}/userSecurity/ldap/userToDNMapping

| Parameter | Required/Optional | Description |
|---|---|---|
| GROUP-ID | Required | Identifier for the Atlas group associated with the LDAP over TLS/SSL configuration. |

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

| Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
| pretty | boolean | Optional | Flag indicating whether the response body should be in a prettyprint format. | false |
| envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes: status (HTTP response code) and envelope (expected response body). | false |

This endpoint does not use HTTP request body parameters.

Response Elements

| Name | Type | Description |
|---|---|---|
| ldap | document | Specifies the LDAP over TLS/SSL configuration details for an Atlas group. |
| ldap.authenticationEnabled | boolean | Specifies whether user authentication with LDAP is enabled. |
| ldap.authorizationEnabled | boolean | Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP. |
| ldap.authzQueryTemplate | string | The LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC 4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base. |
| ldap.hostname | string | The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. |
| ldap.port | integer | The port on which the LDAP server listens for client connections. |
| ldap.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. |

The following example removes the userToDNMapping from the current LDAP configuration:

curl -X DELETE --digest -i -u "{PUBLIC-KEY}:{PRIVATE-KEY}" \
"https://cloud.mongodb.com/api/atlas/v1.0/groups/6b9edfc387d9d60af01e0c23/userSecurity/ldap/userToDNMapping?pretty=true"

The following example response shows the remaining LDAP configuration for the Atlas project:

{
  "ldap" : {
    "authenticationEnabled" : true,
    "authorizationEnabled" : true,
    "authzQueryTemplate" : "{USER}?memberOf?base",
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636
  }
}
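
A post-change check for this call, as an added example (not MongoDB's or Atlas's own code): it builds the endpoint URL from a validated project ID, sends the DELETE with digest authentication, and inspects the returned ldap document. The function names, the 24-hex-digit ID check and the presence of a userToDNMapping key inside ldap are assumptions of this example; the second sample response is constructed.

```python
import json
import re
import urllib.request

BASE_URL = "https://cloud.mongodb.com/api/atlas/v1.0"  # base URL given on this page
DEFAULT_TEMPLATE = "{USER}?memberOf?base"  # default authzQueryTemplate per this page

def mapping_url(group_id):
    """Build the endpoint URL; refuse IDs that could alter the request path."""
    # Assumption of this example: project IDs are 24 hex digits, as in the page's sample.
    if not re.fullmatch(r"[0-9a-fA-F]{24}", group_id):
        raise ValueError("GROUP-ID must be 24 hex digits")
    return f"{BASE_URL}/groups/{group_id}/userSecurity/ldap/userToDNMapping"

def delete_mapping(group_id, public_key, private_key):
    """Send the DELETE with HTTP digest auth and return the parsed JSON body."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, BASE_URL, public_key, private_key)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    req = urllib.request.Request(mapping_url(group_id), method="DELETE")
    with opener.open(req, timeout=30) as resp:
        return json.load(resp)

def check_remaining_config(body):
    """Return a list of problems in the configuration returned by the DELETE."""
    ldap = body.get("ldap")
    if not isinstance(ldap, dict):
        return ["response has no ldap document"]
    problems = []
    if "userToDNMapping" in ldap:  # assumed key name, matching the endpoint path
        problems.append("userToDNMapping is still present")
    authz = ldap.get("authorizationEnabled")
    if authz and not ldap.get("authenticationEnabled"):
        problems.append("authorization enabled without authentication")
    if authz and "{USER}" not in ldap.get("authzQueryTemplate", DEFAULT_TEMPLATE):
        problems.append("authzQueryTemplate lacks the {USER} placeholder")
    return problems

# The example response shown on this page.
PAGE_RESPONSE = {"ldap": {"authenticationEnabled": True, "authorizationEnabled": True,
    "authzQueryTemplate": "{USER}?memberOf?base", "port": 636,
    "bindUsername": "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname": "atlas-ldaps-01.ldap.myteam.com"}}
# Constructed response (not from the page) that trips every check.
CONSTRUCTED_BAD = {"ldap": {"authenticationEnabled": False, "authorizationEnabled": True,
    "authzQueryTemplate": "ou=groups?cn?sub",
    "userToDNMapping": [{"match": "(.+)", "substitution": "CN={0},DC=example,DC=com"}]}}

if __name__ == "__main__":
    for name, body in (("page", PAGE_RESPONSE), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_remaining_config(body) or "ok")
```

In use, pass the return value of delete_mapping() to check_remaining_config(); the script itself makes no network call when run.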