For AI agents: a documentation index is available at https://www.mongodb.com/pt-br/docs/llms.txt — markdown versions of all pages are available by appending .md to any URL path.
Docs Menu
Docs Home
/ /
ldap
Docs Home
/ /
security
/
ldap
Docs Home
/
Tools
/
Atlas CLI
/
atlas
/
security
/
ldap

atlas security ldap save

Save an LDAP configuration for your project.

To use this command, you must authenticate with a user account, a service account, or an API key with the Project Owner role.

Syntax

Command Syntax
atlas security ldap save [options]

Options

Name
Type
Required
Description

--authenticationEnabled

false

Flag that indicates whether to enable LDAP user authentication.

--authorizationEnabled

false

Flag that indicates whether to enable LDAP user authorization.

--authzQueryTemplate

string

false

RFC 4515-formatted or RFC 4516-formatted LDAP query template that Atlas executes to obtain the LDAP authorization groups to which the authenticated user belongs. Use the {USER} placeholder in the URL to substitute the username. The query is relative to the host specified with the hostname.

--bindPassword

string

false

Password used to authenticate the bindUsername.

--bindUsername

string

true

User distinguished name (DN) that Atlas uses to connect to the LDAP server. You must format LDAP distinguished names according to RFC 2253.

--caCertificate

string

false

Certificate Authority (CA) used to verify the identity of the LDAP server. To delete an assigned value, pass an empty string.

-h, --help

false

help for save

--hostname

string

true

Hostname or IP address of the LDAP server.

--mappingLdapQuery

string

false

RFC 4515-formatted or RFC 4516-formatted LDAP query template that inserts the LDAP name that the regex matches into an LDAP query URI.

Mutually exclusive with --mappingSubstitution, --mappingSubstitution.

--mappingMatch

string

false

ECMAScript-formatted regular expression (regex) to match against a provided username.

--mappingSubstitution

string

false

LDAP distinguished name (DN) template that converts the LDAP username that matches the regex specified in the match option into an LDAP DN.

Mutually exclusive with --mappingLdapQuery, --mappingLdapQuery.

-o, --output

string

false

Output format. Valid values are json, json-path, go-template, or go-template-file. To see the full output, use the -o json option.

--port

int

false

Port that the LDAP server listens to for client connections. This value defaults to 636.

--projectId

string

false

Hexadecimal string that identifies the project to use. This option overrides the settings in the configuration file or environment variable.

Inherited Options

Name
Type
Required
Description

-P, --profile

string

false

Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings.

Output

If the command succeeds, the CLI returns output similar to the following sample. Values in brackets represent your values.

HOSTNAME          PORT          AUTHENTICATION                 AUTHORIZATION
<Ldap.Hostname>   <Ldap.Port>   <Ldap.AuthenticationEnabled>   <Ldap.AuthorizationEnabled>

Examples

# Save an LDAP server configuration to authenticate and authorize MongoDB users for the host atlas-ldaps-01.ldap.myteam.com:
atlas security ldap save --authenticationEnabled --authorizationEnabled
--hostname atlas-ldaps-01.ldap.myteam.com --bindUsername
"CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com"
--bindPassword changeMe

Back

get

Next

verify

On this page