Verify an LDAP Configuration¶
On this page
Requests a verification of an LDAP configuration over TLS for an
Atlas project. Pass the requestId in the response object to the
Verify LDAP Configuration
endpoint to get the status of a verification request. Atlas
retains only the most recent request for each project.
- Explaining RFC 4515 and RFC 4516 falls out of scope of the Atlas documentation. Review these RFCs or refer to your preferred LDAP documentation.
- Groups and projects are synonymous.
{GROUP-ID}and{GROUP-ID}have the same meaning. The unique identifier for your existing projects/groups remains the same. This endpoint and corresponding endpoints use the termsgroupsandgroupId. - This endpoint does not verify the
ldap.userToDNMappingdocument array. To verify that users can authenticate with this parameter, use the mongoldap package component bundled with MongoDB Enterprise 3.6 or later with a config file that includes the same LDAP parameters that you specify for Atlas.
https://cloud.mongodb.com/api/atlas/v1.0
Syntax¶
POST /groups/{GROUP-ID}/userSecurity/ldap/verify
Request Path Parameters¶
Parameter | Type | Necessity | Description |
|---|---|---|---|
GROUP-ID | string | Required | Unique identifier for the Atlas project associated with the
LDAP over TLS configuration. |
Request Query Parameters¶
This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.
Name | Type | Necessity | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters¶
Name | Type | Description |
|---|---|---|
hostname | string | The hostname or IP address of the LDAP server. The server
must be visible to the internet or connected to your Atlas
cluster with VPC Peering.
Required. |
port | integer | The port to which the LDAP server listens for client connections.
Required. Default: 636. |
bindUsername | string | The user DN that Atlas uses to connect to the LDAP server.
Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.
Required. |
bindPassword | string | The password used to authenticate the bindUsername. Required. |
caCertificate | object | CA certificate used to verify the identify of the LDAP server.
Self-signed certificates are allowed. Optional. |
authzQueryTemplate | string | An LDAP query template that Atlas executes to obtain the LDAP
groups to which the authenticated user belongs. Used only for user authorization.
Use the {USER} placeholder in the URL to substitute the authenticated
username. The query is relative to the host specified with hostname.
The formatting for the query must conform to RFC4515
and RFC 4516. If you
do not provide a query template, Atlas attempts to use the
default value: {USER}?memberOf?base. Optional. |
Response Elements¶
Name | Type | Description |
|---|---|---|
groupId | string | Identifier for the Atlas project associated with the request
to verify an LDAP over TLS/SSL configuration. |
links | document array | One or more links to sub-resources. The relations in the URLs
are explained in the Web Linking Specification. |
request | document | Contains the details of the request to verify an LDAP over TLS/SSL
configuration. The bindPassword is not returned in the response. |
request.bindUsername | string | The user DN that Atlas uses to connect to the LDAP server. |
request.hostname | string | The hostname or IP address of the LDAP server. |
request.port | integer | The port to which the LDAP server listens for client connections
from Atlas. |
requestId | string | The unique identifer for the request to verify the LDAP over TLS/SSL
configuration. |
status | string | The current status of the LDAP over TLS/SSL configuration. One of the
following values: PENDING, SUCCESS, and FAIL. |
validations | array | Array of validation messages related to the verification of the provided LDAP over TLS/SSL configuration details. The array contains a document for each test that Atlas runs. Atlas stops running tests after the first failure. The following return values are possible: {status: "OK" || "FAIL",validationType: "SERVER_SPECIFIED"}{status: "OK" || "FAIL",validationType: "CONNECT"}{status: "OK" || "FAIL",validationType: "AUTHENTICATE"}{status: "OK" || "FAIL",validationType: "AUTHORIZATION_ENABLED"}{status: "OK" || "FAIL",validationType: "PARSE_AUTHZ_QUERY_TEMPLATE"}{status: "OK" || "FAIL",validationType: "QUERY_SERVER"} |
Example Request¶
The following example requests verification of an LDAP configuration.
1 curl --include --user "{PUBLIC-KEY}:{PRIVATE-KEY}" \ 2 --header "Accept: application/json" \ 3 --header "Content-Type: application/json" \ 4 --digest \ 5 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/userSecurity/ldap/verify?pretty=true" \ 6 --data ' 7 { 8 "hostname":"atlas-ldaps-01.ldap.myteam.com", 9 "port": 636, 10 "bindUsername":"N=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com", 11 "bindPassword":"MyldapPassWord", 12 "authzQueryTemplate": "{USER}?memberOfGroup?base" 13 }'
Example Response¶
The following response indicates that the request for verification for the LDAP configuration is pending.
1 { 2 "groupId" : "{GROUP-ID}", 3 "links" : [ { 4 "href" : "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/userSecurity/ldap/verify/{REQUEST-ID}", 5 "rel" : "self" 6 } ], 7 "request" : { 8 "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com", 9 "hostname" : "atlas-ldaps-01.ldap.myteam.com", 10 "port" : 636 11 }, 12 "requestId" : "{REQUEST-ID}", 13 "status" : "PENDING", 14 "validations" : [ ], 15 }