Overview
The PLAIN authentication mechanism allows you to use your Lightweight Directory Access Protocol (LDAP) username and password to authenticate to MongoDB. LDAP authentication uses the PLAIN Simple Authentication and Security Layer (SASL) defined in RFC-4616.
You can use this mechanism only when authenticating to MongoDB Atlas or MongoDB Enterprise Advanced.
Important
PLAIN SASL is a clear-text authentication mechanism. We strongly recommend that you use TLS/SSL with certificate validation when using PLAIN SASL to authenticate to MongoDB.
To learn more about how to enable TLS for your connection, see Enable TLS/SSL on a Connection.
Code Placeholders
The code examples on this page use the following placeholders:
LDAP username- your LDAP usernamepassword- your LDAP user's passwordhostname- network address of your MongoDB server, accessible by your clientport- port number of your MongoDB server
Authenticate with LDAP (PLAIN)
To specify the LDAP (PLAIN) authentication mechanism by using a connection string:
Assign the
authMechanismURL parameter to the valuePLAIN(optional) Assign the
authSourceURL parameter to the value$external
Note
If you specify the PLAIN mechanism, you cannot assign
authSource to any value other than $external.
Your code to instantiate a MongoClient should resemble the following:
val connectionString = ConnectionString("<LDAP username>:<password>@<hostname>:<port>/?authSource=$external&authMechanism=PLAIN") val mongoClient = MongoClient.create(connectionString)
To specify the LDAP (PLAIN) authentication mechanism by using the
MongoCredential class, use the createPlainCredential()
method. Your code to instantiate a MongoClient should resemble the following:
val credential = MongoCredential.createPlainCredential("<LDAP username>", "$external", "<password>".toCharArray()) val settings = MongoClientSettings.builder() .applyToClusterSettings { builder -> builder.hosts(listOf(ServerAddress("<hostname>", <port>))) } .credential(credential) .build() val mongoClient = MongoClient.create(settings)