In addition to the authentication mechanisms offered in MongoDB Community, MongoDB Enterprise provides integration with the following external authentication mechanisms.
MongoDB Enterprise supports authentication using a Kerberos service. Kerberos is an industry standard authentication protocol for large client/server systems.
For more information on Kerberos and MongoDB, see:
MongoDB Enterprise supports proxy authentication through a Lightweight Directory Access Protocol (LDAP) service.
Changed in version 3.4: MongoDB 3.4 supports using operating system libraries instead of the
daemon, allowing MongoDB 3.4 servers running on Linux and Microsoft Windows
to connect to LDAP servers. Linux MongoDB deployments continue to support
Previous versions of MongoDB support authentication against an LDAP server
using simple and SASL binding via
saslauthd. This restricted LDAP
authentication support to only Linux MongoDB deployments.
See LDAP Proxy Authentication for more information.
New in version 3.4.
MongoDB Enterprise supports querying an LDAP server for the LDAP groups the
authenticated user is a member of. MongoDB maps the Distinguished Names (DN)
of each returned group to roles on the
MongoDB authorizes the user based on the mapped roles and their associated
privileges. See LDAP Authorization for more