Configure Monitoring Agent for LDAP¶

On this page

Overview
Considerations
Prerequisites
Create User in MongoDB
Host Settings

Overview¶

If your MongoDB deployment enforces access control, the Monitoring Agent must authenticate to MongoDB as a user with the proper access.

LDAP is a standard protocol for accessing user credential data. Starting in version 2.6, MongoDB Enterprise provides an LDAP (plain) authentication mechanism that allows clients to authenticate to MongoDB deployments using LDAP. Monitoring Agents support authenticating to MongoDB instances using LDAP.

If your MongoDB deployment uses LDAP to authenticate users, to authenticate the Monitoring Agent, create a user in the $external database with the appropriate roles in MongoDB.

Considerations¶

You must configure LDAP authentication separately for the Monitoring Agent and for the Backup Agent.

You can configure LDAP authentication when adding a host or later by editing the host.

Prerequisites¶

There are additional authentication configuration requirements for Ops Manager Monitoring when using MongoDB 2.4 with authentication. See Required Access for Monitoring Agent for more information.

Create User in MongoDB¶

To monitor MongoDB 2.6 instances that are using LDAP authentication, add a user to the $external database in MongoDB with the appropriate roles. The $external database allows mongod to consult an external source (e.g. LDAP) to authenticate.

copy

db.getSiblingDB("$external").createUser(
    {
      user : "<username>",
      roles: [ { role: "clusterMonitor", db: "admin" } ]
    }
)

See Access Control for MongoDB 2.6 for more information on the required access.

Host Settings¶

In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.

← Add Monitoring Agent User for MONGODB-CR Configure the Monitoring Agent for Kerberos →