Delete an LDAP userToDNMapping
Removes the current userToDNMapping from the LDAP configuration for an Atlas project. A userToDNMapping maps the username provided to a mongod or mongos process for authentication to an LDAP Distinguished Name (DN).
Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.
https://cloud.mongodb.com/api/atlas/v1.0
Syntax
DELETE /groups/{GROUP-ID}/userSecurity/ldap/userToDNMapping
Request Path Parameters
Parameter | Required/Optional | Description |
---|---|---|
GROUP-ID | Required | Identifier for the Atlas group associated with the LDAP over TLS/SSL configuration. |
Request Query Parameters
This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.
Name | Type | Necessity | Description | Default |
---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a prettyprint format. | false |
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes: | false |
Request Body Parameters
This endpoint does not use HTTP request body parameters.
Response Elements
Name | Type | Description |
---|---|---|
ldap | document | Specifies the LDAP over TLS/SSL configuration details for an Atlas group. |
ldap.authenticationEnabled | boolean | Specifies whether user authentication with LDAP is enabled. |
ldap.authorizationEnabled | boolean | Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP. |
ldap.authzQueryTemplate | string | The LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC 4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base. |
ldap.hostname | string | The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. |
ldap.port | integer | The port to which the LDAP server listens for client connections. |
ldap.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. |
Example Request
The following example unsets the values for caCertificate and authzQueryTemplate from the current LDAP configuration:
curl -X DELETE --digest -i -u "{PUBLIC-KEY}:{PRIVATE-KEY}" \
  "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b9edfc387d9d60af01e0c23/userSecurity/ldap/userToDNMapping?pretty=true"
Example Response
The following example response shows the remaining LDAP configuration for the Atlas project:
{
  "ldap" : {
    "authenticationEnabled" : true,
    "authorizationEnabled" : true,
    "authzQueryTemplate" : "{USER}?memberOf?base",
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636
  }
}
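The following is an added example, not part of the Atlas documentation: a Python check that reads the response to the DELETE call and confirms that the mapping is gone and that the remaining LDAP settings are consistent with the constraints in the Response Elements table. It assumes a mapping that was not removed would appear under ldap.userToDNMapping; the function names are hypothetical.

```python
import json
import re

# Constructed sample: the example response body shown on this page.
SAMPLE_RESPONSE = """{ "ldap" : { "authenticationEnabled" : true,
  "authorizationEnabled" : true, "authzQueryTemplate" : "{USER}?memberOf?base",
  "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
  "hostname" : "atlas-ldaps-01.ldap.myteam.com", "port" : 636 } }"""

DEFAULT_TEMPLATE = "{USER}?memberOf?base"  # default stated on this page
SCOPES = {"base", "one", "sub"}            # scope keywords from RFC 4516


def is_full_dn(value):
    """True if every component split on an unescaped comma looks like attr=value."""
    rdns = re.split(r"(?<!\\),", value)
    return all(re.fullmatch(r"\s*[A-Za-z][\w.-]*=.+", rdn) for rdn in rdns)


def check_template(template):
    """Check the relative RFC 4516 query shape: dn?attributes?scope?filter."""
    problems = []
    if "{USER}" not in template:
        # Without the placeholder every user resolves to the same group lookup.
        problems.append("authzQueryTemplate has no {USER} placeholder")
    parts = template.split("?")
    if len(parts) >= 3 and parts[2] and parts[2] not in SCOPES:
        problems.append(f"authzQueryTemplate scope {parts[2]!r} is not base/one/sub")
    return problems


def verify_after_delete(body):
    """Return a list of problems found in the DELETE response body (empty if none)."""
    ldap = json.loads(body).get("ldap", {})
    problems = []
    if ldap.get("userToDNMapping"):  # assumed key name, see lead-in
        problems.append("userToDNMapping is still present")
    if ldap.get("authorizationEnabled") and not ldap.get("authenticationEnabled"):
        problems.append("authorization is enabled without authentication")
    if not is_full_dn(ldap.get("bindUsername", "")):
        problems.append("bindUsername is not a full DN")
    if ldap.get("authorizationEnabled"):
        problems += check_template(ldap.get("authzQueryTemplate", DEFAULT_TEMPLATE))
    return problems


if __name__ == "__main__":
    print(verify_after_delete(SAMPLE_RESPONSE) or "LDAP configuration is consistent")
```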