Enterprise Authentication Mechanisms

In addition to the authentication mechanisms offered, MongoDB Enterpriseprovides integration with the following authentication mechanisms.

Kerberos Authentication

MongoDB Enterprisesupports authentication using a Kerberos service. Kerberos is an industrystandard authentication protocol for large client/server systems.

To use MongoDB with Kerberos, you must have a properly configuredKerberos deployment, configured Kerberos service principals for MongoDB, and added Kerberosuser principal to MongoDB.

For more information on Kerberos and MongoDB, see:

• Kerberos Authentication,
• Configure MongoDB with Kerberos Authentication on Linux and
• Configure MongoDB with Kerberos Authentication on Windows.

LDAP Proxy Authentication

MongoDB Enterprise supportsproxy authentication through a Lightweight Directory Access Protocol(LDAP) service.

Changed in version 3.4: MongoDB 3.4 supports using operating system libraries instead of thesaslauthddaemon, allowing MongoDB 3.4 servers running on Linux and Microsoft Windowsto connect to LDAP servers. Linux MongoDB deployments continue to supportsaslauthd.

Previous versions of MongoDB support authentication against an LDAP serverusing simple and SASL binding via saslauthd. This restricted LDAPauthentication support to only Linux MongoDB deployments.

See LDAP Proxy Authentication for more information.

LDAP Authorization

New in version 3.4.

MongoDB Enterprise supports querying an LDAP server for the LDAP groups theauthenticated user is a member of. MongoDB maps the Distinguished Names (DN)of each returned group to roles on the admin database.MongoDB authorizes the user based on the mapped roles and their associatedprivileges. See LDAP Authorization for moreinformation.

See also

• LDAP Proxy Authentication,
• Authenticate Using SASL and LDAP with OpenLDAP and
• Authenticate Using SASL and LDAP with ActiveDirectory.