- This version of the documentation is archived and no longer supported. View the current documentation to learn how to upgrade your version of the Atlas CLI.
Save an LDAP configuration for your project.
To use this command, you must authenticate with a user account or an API key with the Project Owner role.
Syntax
atlas security ldap save [options]
Options
Name | Type | Required | Description |
|---|---|---|---|
--authenticationEnabled | false | Flag that indicates whether to enable LDAP user authentication. | |
--authorizationEnabled | false | Flag that indicates whether to enable LDAP user authorization. | |
--authzQueryTemplate | string | false | RFC 4515-formatted or RFC 4516-formatted LDAP query template that Atlas executes to obtain the LDAP authorization groups to which the authenticated user belongs. Use the {USER} placeholder in the URL to substitute the username. The query is relative to the host specified with the hostname. |
--bindPassword | string | false | Password used to authenticate the bindUsername. |
--bindUsername | string | true | User distinguished name (DN) that Atlas uses to connect to the LDAP server. You must format LDAP distinguished names according to RFC 2253. |
--caCertificate | string | false | Certificate Authority (CA) used to verify the identity of the LDAP server. To delete an assigned value, pass an empty string. |
-h, --help | false | help for save | |
--hostname | string | true | Hostname or IP address of the LDAP server. |
--mappingLdapQuery | string | false | RFC 4515-formatted or RFC 4516-formatted LDAP query template that inserts the LDAP name that the regex matches into an LDAP query URI. Mutually exclusive with --mappingSubstitution, --mappingSubstitution. |
--mappingMatch | string | false | ECMAScript-formatted regular expression (regex) to match against a provided username. |
--mappingSubstitution | string | false | LDAP distinguished name (DN) template that converts the LDAP username that matches the regex specified in the match option into an LDAP DN. Mutually exclusive with --mappingLdapQuery, --mappingLdapQuery. |
-o, --output | string | false | Output format. Valid values are json, json-path, go-template, or go-template-file. To see the full output, use the -o json option. |
--port | int | false | Port that the LDAP server listens to for client connections. This value defaults to 636. |
--projectId | string | false | Hexadecimal string that identifies the project to use. This option overrides the settings in the configuration file or environment variable. |
Inherited Options
Name | Type | Required | Description |
|---|---|---|---|
-P, --profile | string | false | Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings. |
Output
If the command succeeds, the CLI returns output similar to the following sample. Values in brackets represent your values.
HOSTNAME PORT AUTHENTICATION AUTHORIZATION <Ldap.Hostname> <Ldap.Port> <Ldap.AuthenticationEnabled> <Ldap.AuthorizationEnabled>
Examples
# Save an LDAP server configuration to authenticate and authorize MongoDB users for the host atlas-ldaps-01.ldap.myteam.com: atlas security ldap save --authenticationEnabled --authorizationEnabled --hostname atlas-ldaps-01.ldap.myteam.com --bindUsername "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com" --bindPassword changeMe