Verify an LDAP Configuration

Requests a verification of an LDAP configuration over SSL for an Atlas group. Pass the requestId in the response object to the /api/atlas/v1.0/groups/{GROUP-ID}/userSecurity/ldap/verify/{REQUEST-ID} endpoint to get the status of a verification request. Atlas retains only the most recent request for each group.

Note

  • An explanation of RFC 4515 and RFC 4516 is out of scope for the MongoDB documentation. Please review the RFCs or refer to your preferred LDAP documentation.
  • This endpoint does not verify the ldap.userToDNMapping document array. To verify that users can authenticate with this parameter, use the mongoldap package component bundled with MongoDB Enterprise 3.4+ with a config file that includes the same LDAP parameters that you specify for Atlas.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project id. For existing groups, your group/project id remains the same. This page uses the more familiar term group. The endpoints are as stated on the page.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Syntax

POST /groups/{GROUP-ID}/userSecurity/ldap/verify

Request Path Parameters

Parameter Required/Optional Description
GROUP-ID Required Identifier for the Atlas group associated with the request to verify an LDAP over SSL configuration.

Request Query Parameters

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Description Default
pageNum integer Page number (1-based). 1
itemsPerPage integer Maximum number of items to return, up to a maximum of 100. 100
pretty boolean Display response in a prettyprint format. false

Request Body Parameters

Name Type Description
hostname string The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. Required.
port integer The port to which the LDAP server listens for client connections. Required. Default: 636.
bindUsername string The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. Required.
bindPassword string The password used to authenticate the bindUsername. Required.
caCertificate object CA certificate used to verify the identity of the LDAP server. Self-signed certificates are allowed. Optional.
authzQueryTemplate string An LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC 4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base. Optional.

Response Elements

Name Type Description
groupId string Identifier for the Atlas group associated with the request to verify an LDAP over SSL configuration.
links document array One or more links to sub-resources. The relations in the URLs are explained in the Web Linking Specification.
request document Contains the details of the request to verify an LDAP over SSL configuration. The bindPassword is not returned in the response.
request.bindUsername string The user DN that Atlas uses to connect to the LDAP server.
request.hostname string The hostname or IP address of the LDAP server.
request.port integer The port to which the LDAP server listens for client connections from Atlas.
requestId string The unique identifier for the request to verify the LDAP over SSL configuration.
status string The current status of the LDAP over SSL configuration. One of the following values: PENDING, SUCCESS, and FAIL.
validations array

Array of validation messages related to the verification of the provided LDAP over SSL configuration details. The array contains a document for each test that Atlas runs. Atlas stops running tests after the first failure. The following return values are possible:

{
status: "OK" || "FAIL",
validationType: "SERVER_SPECIFIED"
}
{
status: "OK" || "FAIL",
validationType: "CONNECT"
}
{
status: "OK" || "FAIL",
validationType: "AUTHENTICATE"
}
{
status: "OK" || "FAIL",
validationType: "AUTHORIZATION_ENABLED"
}
{
status: "OK" || "FAIL",
validationType: "PARSE_AUTHZ_QUERY_TEMPLATE"
}
{
status: "OK" || "FAIL",
validationType: "QUERY_SERVER"
}

Example Request

The following example requests verification of an LDAP configuration.

curl -X POST -i -u "fred@example.com:457026b5-07a6-40a9-9706-ae0b374e775g" \
   -H "Content-Type: application/json" --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity/ldap/verify?pretty=true" --data '
   {
     "hostname":"atlas-ldaps-01.ldap.myteam.com",
     "port": 636,
     "bindUsername":"CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
     "bindPassword":"MyldapPassWord",
     "authzQueryTemplate": "{USER}?memberOfGroup?base"
   }'

Example Response

The following response indicates that the request for verification for the LDAP configuration is pending.

{
  "groupId" : "6b8df67087d9d615da86401c",
  "links" : [ {
     "href" : "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity/ldap/verify/6bc01f8e87d9d61d96c1b635",
     "rel" : "self"
  } ],
  "request" : {
    "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
    "hostname" : "atlas-ldaps-01.ldap.myteam.com",
    "port" : 636
  },
  "requestId" : "6bc01f8e87d9d61d96c1b635",
  "status" : "PENDING",
  "validations" : [ ]
}
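
Added example (not part of the Atlas documentation): a Python sketch of the follow-up step described at the top of this page, polling the status endpoint with the returned requestId until the request leaves PENDING, then reporting which validation failed and which tests have no result because Atlas stopped at the first failure. The `fetch` callable, the function names and the FAIL document are assumptions constructed for illustration; `fetch` stands in for whatever authenticated HTTP client you use.

```python
import time

BASE = "https://cloud.mongodb.com/api/atlas/v1.0"
# validationType values, in the order this page lists them.
TESTS = ["SERVER_SPECIFIED", "CONNECT", "AUTHENTICATE", "AUTHORIZATION_ENABLED",
         "PARSE_AUTHZ_QUERY_TEMPLATE", "QUERY_SERVER"]

def status_url(group_id, request_id):
    return f"{BASE}/groups/{group_id}/userSecurity/ldap/verify/{request_id}"

def summarize(doc):
    """Return (status, first failed test or None, tests with no result)."""
    results = {v["validationType"]: v["status"] for v in doc.get("validations", [])}
    failed = next((t for t, s in results.items() if s == "FAIL"), None)
    return doc["status"], failed, [t for t in TESTS if t not in results]

def wait_for_result(fetch, group_id, request_id, attempts=10, delay=2.0, sleep=time.sleep):
    """Poll the status endpoint until the request leaves PENDING.

    fetch(url) -> dict is a caller-supplied (hypothetical) function that performs
    the authenticated HTTP request and returns the parsed JSON body.
    """
    url = status_url(group_id, request_id)
    for _ in range(attempts):
        doc = fetch(url)
        if doc["status"] != "PENDING":
            return summarize(doc)
        sleep(delay)
    raise TimeoutError(f"verification {request_id} still PENDING after {attempts} polls")

# Constructed sample documents (IDs taken from the example on this page).
GROUP_ID, REQUEST_ID = "6b8df67087d9d615da86401c", "6bc01f8e87d9d61d96c1b635"
PENDING_DOC = {"requestId": REQUEST_ID, "status": "PENDING", "validations": []}
FAILED_DOC = {"requestId": REQUEST_ID, "status": "FAIL", "validations": [
    {"status": "OK", "validationType": "SERVER_SPECIFIED"},
    {"status": "OK", "validationType": "CONNECT"},
    {"status": "FAIL", "validationType": "AUTHENTICATE"},
]}

if __name__ == "__main__":
    replies = iter([PENDING_DOC, FAILED_DOC])  # first poll pending, second failed
    print(wait_for_result(lambda url: next(replies), GROUP_ID, REQUEST_ID,
                          sleep=lambda s: None))
```

A FAIL at AUTHENTICATE with CONNECT reported OK points at the bind DN or bind password rather than at network reachability or the certificate.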