Verify an LDAP Configuration¶

On this page

Syntax
Response Elements
Example Request
Example Response

Requests a verification of an LDAP configuration over TLS/SSL for an Atlas project. Pass the requestId in the response object to the /api/atlas/v1.0/groups/{GROUP-ID}/userSecurity/ldap/verify/{REQUEST-ID} endpoint to get the status of a verification request. Atlas retains only the most recent request for each project.

Note

An explanation of RFC4515 and RFC 4516 is out of scope for the MongoDB documentation. Please review the RFCs or refer to your preferred LDAP documentation.
This endpoint does not verify the ldap.userToDNMapping document array. To verify that users can authenticate with this parameter, use the mongoldap package component bundled with MongoDB Enterprise 3.4+ with a config file that includes the same LDAP parameters that you specify for Atlas.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Syntax¶

copy

POST /groups/{GROUP-ID}/userSecurity/ldap/verify

Request Path Parameters¶

Parameter	Required/Optional	Description
`GROUP-ID`	Required	Identifier for the Atlas project associated with the request to verify an LDAP over TLS/SSL configuration.

Request Query Parameters¶

The following query parameters are optional:

Query Parameter	Type	Description	Default
`pretty`	boolean	Displays response in a prettyprint format.	`false`
`envelope`	boolean	Specifies whether or not to wrap the response in an envelope.	`false`

Request Body Parameters¶

Name	Type	Description
`hostname`	string	The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering. Required.
`port`	integer	The port to which the LDAP server listens for client connections. Required. Default: `636`.
`bindUsername`	string	The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as `CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com`. Required.
`bindPassword`	string	The password used to authenticate the `bindUsername`. Required.
`caCertificate`	object	CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed. Optional.
`authzQueryTemplate`	string	An LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with `hostname`. The formatting for the query must conform to RFC4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: `{USER}?memberOf?base`. Optional.

Response Elements¶

Name	Type	Description
`groupId`	string	Identifier for the Atlas project associated with the request to verify an LDAP over TLS/SSL configuration.
`links`	document array	One or more links to sub-resources. The relations in the URLs are explained in the Web Linking Specification.
`request`	document	Contains the details of the request to verify an LDAP over TLS/SSL configuration. The `bindPassword` is not returned in the response.
`request.bindUsername`	string	The user DN that Atlas uses to connect to the LDAP server.
`request.hostname`	string	The hostname or IP address of the LDAP server.
`request.port`	integer	The port to which the LDAP server listens for client connections from Atlas.
`requestId`	string	The unique identifer for the request to verify the LDAP over TLS/SSL configuration.
`status`	string	The current status of the LDAP over TLS/SSL configuration. One of the following values: `PENDING`, `SUCCESS`, and `FAIL`.
`validations`	array	Array of validation messages related to the verification of the provided LDAP over TLS/SSL configuration details. The array contains a document for each test that Atlas runs. Atlas stops running tests after the first failure. The following return values are possible: `{` `status: "OK" \|\| "FAIL",` `validationType: "SERVER_SPECIFIED"` `}` `{` `status: "OK" \|\| "FAIL",` `validationType: "CONNECT"` `}` `{` `status: "OK" \|\| "FAIL",` `validationType: "AUTHENTICATE"` `}` `{` `status: "OK" \|\| "FAIL",` `validationType: "AUTHORIZATION_ENABLED"` `}` `{` `status: "OK" \|\| "FAIL",` `validationType: "PARSE_AUTHZ_QUERY_TEMPLATE"` `}` `{` `status: "OK" \|\| "FAIL",` `validationType: "QUERY_SERVER"` `}`

Example Request¶

The following example requests verification of an LDAP configuration.

copy

curl -X POST -i -u "fred@example.com:457026b5-07a6-40a9-9706-ae0b374e775g" /
   -H "Content-Type: application/json" --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity/ldap/verify?pretty=true" --data '
   {
     "hostname":"atlas-ldaps-01.ldap.myteam.com",
     "port": 636,
     "bindUsername":"N=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
     "bindPassword":"MyldapPassWord",
     "authzQueryTemplate": "{USER}?memberOfGroup?base"
   }'

Example Response¶

The following response indicates that the request for verification for the LDAP configuration is pending.

copy

{
  "groupId" : "6b8df67087d9d615da86401c",
  "links" : [ {
     "href" : "https://cloud.mongodb.com/api/atlas/v1.0/groups/6b8df67087d9d615da86401c/userSecurity/ldap/verify/6bc01f8e87d9d61d96c1b635",
     "rel" : "self"
  } ],
  "request" : {
  "bindUsername" : "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com",
  "hostname" : "atlas-ldaps-01.ldap.myteam.com",
  "port" : 636
  },
  "requestId" : "6bc01f8e87d9d61d96c1b635",
  "status" : "PENDING",
  "validations" : [ ],
}

← LDAP Configuration Get Status of a Request to Verify LDAP Configuration →