

Configure LDAP with MongoDB Authentication

This document provides a step-by-step guide for integrating LDAP with MongoDB authentication using OpenLDAP. It covers prerequisites, server setup, OpenLDAP installation and configuration, creating base groups for users, and configuring MongoDB to use LDAP for authentication. The document also includes commands for testing the LDAP authentication setup.

Uploaded by

awsmain37

Integrating LDAP with MongoDB Authentication

Prerequisites
• MongoDB Enterprise Edition (LDAP integration is only available in Enterprise).
• An operational LDAP server.

Setup Server Hostname:


Right off the bat, you need to configure the hostname or Fully Qualified Domain Name (FQDN) for
your server. In this guide, we will configure the OpenLDAP server with the
hostname ldap01.example.com and the IP address 192.168.3.81.
Run the following command as root. Be sure to replace ldap01.example.com with your preferred
server domain and hostname.
1. hostnamectl set-hostname ldap01.example.com

Next, update the /etc/hosts file with the server hostname and corresponding IP address for hostname
resolution within the network.

2. echo '192.168.3.81 ldap01.example.com' >> /etc/hosts

Now ping the server hostname and you will get a positive ping output.

3. ping -c 3 ldap01.example.com

Install OpenLDAP Packages:


The next step is to install OpenLDAP. To do so, run the following command to install the
OpenLDAP packages.
sudo apt install slapd ldap-utils

During the installation, you will be prompted to configure an administrator password for your LDAP
server. Provide a strong one and hit ENTER.

Next, re-enter the password to confirm it and hit ENTER.

Setup OpenLDAP Server:

Once OpenLDAP is successfully installed, you need to go a step further and reconfigure the main
package. This is the slapd package. To accomplish this, run the following command.
sudo dpkg-reconfigure slapd

Next, provide a DNS domain name. This will be used to construct the base DN of the LDAP
directory. In this example, we will use the domain name example.com. As such, the DN will be
represented as “dc=example,dc=com”. Then hit ‘ENTER’.

Next, provide a name for your organization that will also form part of the base DN. Once again, we
will provide the same name as the domain name.

Next, provide the Administrator password for your LDAP directory and hit ‘ENTER’.
Be sure to confirm it and press ‘ENTER’.

When prompted to remove the database when slapd is purged, select ‘NO’.


Finally, select ‘Yes’ to remove the old database to create room for a new database.

Next, you need to make changes to the main OpenLDAP configuration file, so open it using your
preferred editor. Here we are using nano.

sudo nano /etc/ldap/ldap.conf

systemctl restart slapd


systemctl status slapd

Install the phpldapadmin:


Run this command in a terminal:
sudo apt install phpldapadmin

Now open a browser and go to this address:

http://ldap01.example.com/phpldapadmin/
Log in with the admin account.

Then run the following command to confirm the OpenLDAP basic configuration. This should give
you the following output:
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///

Setup Base group for OpenLDAP Users:

The next step is to create a new base group for OpenLDAP users. To demonstrate this, we will
create two base groups: people and groups. The ‘people’ group will be used for storing regular users
while the ‘groups’ group will store the groups on your LDAP server.
Save the changes and exit.
To add the base groups, run the ‘ldapadd’ command against the ‘base-groups.ldif’ file. Provide the
OpenLDAP admin password when prompted and press ‘ENTER’.

ldapadd -x -D cn=admin,dc=example,dc=com -W -f base-groups.ldif

To confirm that the groups have been added, run the following command.

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
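
The guide does not show the contents of base-groups.ldif. The following is an added example, not part of the original guide, that generates a file of that shape for the two base groups named above; the function name is made up for this example, and it assumes each base group is a plain organizationalUnit entry under the base DN.

```shell
# Added example, not from the original guide: generate an LDIF like the
# base-groups.ldif that the ldapadd step loads (its contents are not shown there).

# make_base_groups_ldif BASE_DN OU...
# Prints one organizationalUnit entry per OU name, separated by blank lines.
make_base_groups_ldif() {
    base_dn=$1
    shift
    for ou in "$@"; do
        # Refuse names that would need DN or LDIF escaping (commas, '=',
        # spaces, newlines), so a name cannot smuggle in extra RDNs or lines.
        case "$ou" in
            ""|*[!A-Za-z0-9_-]*)
                echo "invalid OU name: $ou" >&2
                return 1 ;;
        esac
        printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' \
            "$ou" "$base_dn" "$ou"
    done
}

# The two base groups the guide names, under the guide's base DN.
make_base_groups_ldif "dc=example,dc=com" people groups
```

Redirect the output to base-groups.ldif before running the ldapadd command.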


Now create the new users:

1. Click "Create new entry here".

2. Click the user account.

3. Add the details.

Now Install MongoDB:

Click the link and download the mongodbsh:

https://www.mongodb.com/try/download/enterprise

Set Up MongoDB for LDAP Authentication:

MongoDB supports LDAP authentication, so you need to configure MongoDB to authenticate using
an LDAP server.
Enable LDAP Authentication:
You need to configure MongoDB to use the LDAP authentication mechanism by modifying the
mongod.conf file. The configuration should look like this:
root@ldap01:/home/balaji/Documents/ldap# cat /etc/mongod.conf
# mongod.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
#  engine:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

security:
  authorization: "enabled"
  ldap:
    servers: "ldap01.example.com"
    transportSecurity: none
    authz:
      queryTemplate: "dc=example,dc=com??sub?(&(objectClass=groupOfNames)(member={PROVIDED_USER}))"

setParameter:
  authenticationMechanisms: "PLAIN"
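
With `transportSecurity: none`, mongod sends each user's bind password to the LDAP server unencrypted, and the PLAIN mechanism sends the password to mongod as-is, so both hops need TLS once traffic leaves the host. The check below is an added example, not part of the original guide; the function names and finding codes are made up for it, and the sample file is constructed from the configuration above.

```shell
# Added example, not from the original guide: flag settings in a mongod.conf
# that let LDAP passwords cross a network unencrypted.

# conf_value FILE KEY: first value of "KEY: value", without quotes or comments.
conf_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]*$//'
}

# audit_mongod_ldap FILE: prints one finding code per line (nothing if clean).
audit_mongod_ldap() {
    conf=$1
    ldap_tls=$(conf_value "$conf" transportSecurity)
    mechs=$(conf_value "$conf" authenticationMechanisms | tr -d ' ')
    bind_ip=$(conf_value "$conf" bindIp)
    # mongod -> LDAP server: "none" means binds carry the password in clear.
    # An absent key is fine, because transportSecurity defaults to tls.
    [ "$ldap_tls" = "none" ] && echo "LDAP_CLEARTEXT"
    # client -> mongod: PLAIN sends the password as-is, so it needs
    # net.tls.mode requireTLS unless mongod only listens on loopback.
    case ",$mechs," in
        *,PLAIN,*)
            case "$bind_ip" in
                ""|127.0.0.1|localhost|::1) ;;
                *) grep -Eq '^[[:space:]]*mode:[[:space:]]*"?requireTLS' "$conf" ||
                       echo "PLAIN_WITHOUT_TLS" ;;
            esac ;;
    esac
    return 0
}

# Constructed sample: the security-relevant lines of the mongod.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: "enabled"
  ldap:
    servers: "ldap01.example.com"
    transportSecurity: none
setParameter:
  authenticationMechanisms: "PLAIN"
EOF
audit_mongod_ldap "$sample"
rm -f "$sample"
```

Setting `transportSecurity: tls` (with the LDAP server offering TLS) clears the first finding; the second appears only when `bindIp` exposes mongod beyond loopback without `net.tls.mode: requireTLS`.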

Test LDAP Authentication:


mongosh -u "cn=test,dc=example,dc=com" -p "your-password" --authenticationDatabase '$external' \
  --authenticationMechanism 'PLAIN'
