
mongocli atlas security ldap verify

The security ldap verify command verifies an LDAP configuration for an Atlas project. You can also verify an LDAP configuration for an Atlas project using the Atlas API.

You can run the mongocli atlas security ldap verify status command to retrieve the status of the most recent verification request. If the security ldap verify command returns a Pending status, you can run the mongocli atlas security ldap verify status watch command to wait for the verification of the LDAP configuration to complete.

mongocli atlas security ldap verify
  [ --authzQueryTemplate <LDAP-query-template> ]
  --bindPassword <bind-password>
  --bindUsername <bind-username>
  [ --caCertificate <CA-certificate> ]
  --hostname <LDAP-server-hostname>
  [ --output|-o <output-format> ]
  [ --port ]
  [ --profile|-P <name-of-profile> ]
  [ --projectId <id-of-project> ]
Note

Use -h or --help to view the command-line help for this command.

| Option | Type | Description | Required? |
|---|---|---|---|
| --authzQueryTemplate | string | LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. The query is relative to the host specified with the --hostname option. The query format must conform to RFC 4515 and RFC 4516. Use the {USER} placeholder in the URL to substitute the authenticated username. If omitted, Atlas attempts to use the default value: {USER}?memberOf?base. Atlas uses this for user authorization only. | no |
| --bindPassword | string | Password that Atlas uses to authenticate the bindUsername. | yes |
| --bindUsername | string | User distinguished name (DN) that Atlas uses to connect to the LDAP server. Value must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. | yes |
| --caCertificate | string | CA certificate that Atlas uses to verify the identity of the LDAP server. Atlas accepts self-signed certificates. | no |
| --hostname | string | Hostname or IP address of the LDAP server. The server must be accessible from the public internet or peered to your Atlas cluster with Network Peering. | |
| --output, -o | string | Command output format. Valid values are: json for output in JSON format; go-template for custom output using the Go template; go-template-file for custom output specified using the Go template file. If omitted, the command returns output in the default format. | no |
| --port | int | Port on which the LDAP server listens for client connections. If omitted, defaults to 636. | no |
| --profile, -P | string | Name of the profile to use for accessing the Atlas project. If omitted, uses the default profile. | no |
| --projectId | string | Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable. | yes |
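
To make the --authzQueryTemplate format concrete, the following added example (not MongoDB's or Atlas's own code) expands a template into its RFC 4516 parts and an absolute ldaps:// URL. It assumes {USER} is replaced by the user's full DN and that the DN is filter-escaped per RFC 4515 when it lands in the filter part; the function names, the sample DN, and the second template are constructed for illustration.

```python
from urllib.parse import quote

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_SCOPES = {"base", "one", "sub"}


def escape_filter_value(value):
    """Escape a value before placing it inside an RFC 4515 search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_authz_template(template, user_dn):
    """Split 'dn?attributes?scope?filter' and substitute {USER} in each part."""
    parts = template.split("?")
    if len(parts) > 4:
        raise ValueError("expected at most dn?attributes?scope?filter")
    dn, attrs, scope, flt = parts + [""] * (4 - len(parts))
    scope = scope or "base"  # RFC 4516 default when the scope is omitted
    if scope not in _SCOPES:
        raise ValueError("invalid scope: %r" % scope)
    return {
        "base_dn": dn.replace("{USER}", user_dn),
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope,
        # Inside a filter the DN is data, so filter-escape it before substituting.
        # The RFC 4516 default filter applies when the template has none.
        "filter": flt.replace("{USER}", escape_filter_value(user_dn)) or "(objectClass=*)",
    }


def to_ldap_url(host, port, query):
    """Render the expanded query as an absolute, percent-encoded ldaps:// URL."""
    fields = [quote(query["base_dn"], safe=",="), ",".join(query["attributes"]),
              query["scope"], quote(query["filter"], safe="=()&|!*:")]
    return "ldaps://%s:%d/%s" % (host, port, "?".join(fields))


if __name__ == "__main__":
    # Constructed sample DN; the parentheses exercise the filter escaping.
    user = "CN=Jane Doe (Ops),OU=Staff,DC=example,DC=com"
    default = expand_authz_template("{USER}?memberOf?base", user)
    print(default)
    print(to_ldap_url("atlas-ldaps-01.ldap.myteam.com", 636, default))
    # Constructed group-search template, not taken from the page.
    grouped = "DC=example,DC=com?cn?sub?(&(objectClass=group)(member={USER}))"
    print(expand_authz_template(grouped, user)["filter"])
```

With the default template, the result is a base-scope read of the user's own entry that returns only its memberOf attribute.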

If the command succeeds, it returns the following output in the default format. If the command returns errors, see Troubleshooting for recommended solutions.

REQUEST ID                  PROJECT ID           STATUS
<verification-request-ID>   <atlas-project-ID>   <verification-status>

The default output contains a subset of the fields returned by this command. For the complete list of JSON fields returned by the command, see the API reference.

The following example uses the mongocli atlas security ldap verify command to verify an LDAP configuration for user authentication and authorization. The command uses the default profile for accessing the Atlas project.

mongocli atlas security ldap verify --hostname atlas-ldaps-01.ldap.myteam.com --bindUsername "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com" --bindPassword changeMe

The previous command prints the following to the terminal:

REQUEST ID                 PROJECT ID                 STATUS
5fa1accd0bcb85015ae351b1   5e2211c17a3e5a48f5497de3   PENDING