This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Configure Monitoring Agent for LDAP


If your MongoDB deployment enforces access control, the Monitoring Agent must authenticate to MongoDB as a user with the proper access.

LDAP is a standard protocol for accessing user credential data. Starting in version 2.6, MongoDB Enterprise provides an LDAP (plain) authentication mechanism that allows clients to authenticate to MongoDB deployments using LDAP. Monitoring Agents support authenticating to MongoDB instances using LDAP.

If your MongoDB deployment uses LDAP to authenticate users, to authenticate the Monitoring Agent, create a user in the $external database with the appropriate roles in MongoDB.


You must configure LDAP authentication separately for the Monitoring Agent and for the Backup Agent.

You can configure LDAP authentication when adding a host or later by editing the host.


There are additional authentication configuration requirements for Ops Manager Monitoring when using MongoDB 2.4 with authentication. See Required Access for Monitoring Agent for more information.

Create User in MongoDB

To monitor MongoDB 2.6 instances that are using LDAP authentication, add a user to the $external database in MongoDB with the appropriate roles. The $external database allows mongod to consult an external source (e.g. LDAP) to authenticate.

      user : "<username>",
      roles: [ { role: "clusterMonitor", db: "admin" } ]

See Access Control for MongoDB 2.6 for more information on the required access.

Host Settings

In addition to adding the agent as a MongoDB user, you must also specify the host’s authentication settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.