Delete an LDAP userToDNMapping¶
Removes the current userToDNMapping from the LDAP configuration for
an Atlas project. A userToDNMapping maps the username provided
to a mongod or mongos process for authentication to an LDAP
Distinguished Name (DN).
Groups and projects are synonymous terms. Your {GROUP-ID} is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups.
https://cloud.mongodb.com/api/atlas/v1.0
Syntax¶
DELETE /groups/{GROUP-ID}/userSecurity
Request Path Parameters¶
Parameter | Required/Optional | Description |
|---|---|---|
GROUP-ID | Required | Identifier for the Atlas group associated with the LDAP over TLS/SSL
configuration. |
Request Query Parameters¶
This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.
Name | Type | Necessity | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters¶
This endpoint does not use HTTP request body parameters.
Response Elements¶
Name | Type | Description |
|---|---|---|
ldap | document | Specifies the LDAP over TLS/SSL configuration details for an
Atlas group. |
ldap.authenticationEnabled | boolean | Specifies whether user authentication with LDAP is enabled. |
ldap.authorizationEnabled | boolean | Specifies whether user authorization with LDAP is enabled.
You cannot enable user authorization with LDAP without first
enabling user authentication with LDAP. |
ldap.authzQueryTemplate | string | The LDAP query template that Atlas executes to obtain the LDAP
groups to which the authenticated user belongs. Used only for user authorization.
Use the {USER} placeholder in the URL to substitute the authenticated
username. The query is relative to the host specified with hostname.
The formatting for the query must conform to RFC4515
and RFC 4516. If you
do not provide a query template, Atlas attempts to use the
default value: {USER}?memberOf?base. |
ldap.hostname | string | The hostname or IP address of the LDAP server. The server
must be visible to the internet or connected to your Atlas
cluster with VPC Peering. |
ldap.port | integer | The port to which the LDAP server listens for client connections. |
ldap.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server.
Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. |
Example Request¶
The following example unsets the values for caCertificate and
authzQueryTemplate from the current LDAP configuration:
curl -X DELETE --digest -i -u "{PUBLIC-KEY}:{PRIVATE-KEY}" \ "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b9edfc387d9d60af01e0c23/userSecurity/ldap/userToDNMapping?pretty=true"
Example Response¶
The following example response shows the remaining LDAP configuration for the Atlas project:
{ "ldap" : { "authenticationEnabled" : true, "authorizationEnabled" : true, "authzQueryTemplate" : "{USER}?memberOf?base", "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com", "hostname" : "atlas-ldaps-01.ldap.myteam.com", "port" : 636 } }