Docs Menu
Docs Home
/
Languages
/
Rust
/
Rust Driver
/
Fundamentals

Enterprise Authentication Mechanisms

On this page

  • Overview
  • Authenticate to LDAP (PLAIN)
  • Example
  • Additional Information
  • API Documentation

Overview

In this guide, you can learn how to authenticate to MongoDB using the authentication mechanisms available in the MongoDB Enterprise Edition. When you connect to MongoDB, you can use an authentication mechanism to establish trust between the driver and the server.

The Rust driver supports authenticating to a Lightweight Directory Access Protocol (LDAP) server by using the LDAP (PLAIN) enterprise authentication mechanism.

Note

GSSAPI/Kerberos Authentication

The driver does not support the GSSAPI/Kerberos authentication mechanism, but you can use other methods to authenticate this way. To learn more about these methods, see Kerberos Authentication in the Server manual.

Tip

See also:

To authenticate to MongoDB by using mechanisms available in the MongoDB Community Edition, see the guide on Authentication Mechanisms.

To learn more about connecting to a MongoDB deployment, see the Connection Guide.

To select a specific authentication mechanism, specify the mechanism, your credentials, and other necessary information in the options of your connection string or in a Credential struct.

Authenticate to LDAP (PLAIN)

You can authenticate to a Lightweight Directory Access Protocol (LDAP) server by using your directory server username and password.

The name of the authentication mechanism is PLAIN instead of LDAP because the mechanism uses the PLAIN Simple Authentication and Security Layer (SASL) defined in RFC-4616.

Warning

This authentication mechanism sends your password to the server in plaintext. Use this mechanism only after enabling TLS on your connection to improve security and reduce vulnerabilities in your application.

To learn more, see TLS/SSL (Transport Encryption) in the Server manual.

Example

To specify the PLAIN authentication mechanism, set the mechanism field of your Credential struct to AuthMechanism::Plain. This example specifies the authentication mechanism by using the following placeholders:

  • username: Your LDAP username

  • password: Your LDAP password

let plain_cred = Credential::builder()
    .username("<username>".to_string())
    .password("<password>".to_string())
    .mechanism(AuthMechanism::Plain)
    .source("$external".to_string())
    .build();
client_options.credential = Some(plain_cred);
let client = Client::with_options(client_options)?;

Note

Authentication Database

Because your credentials are stored outside of MongoDB, you must use the $external database for authentication. The source field of the Credential struct defaults to $external, so you can omit this field.

Alternatively, you can authenticate by using a connection string URI by setting the value of the authMechanism connection string option to PLAIN. This example shows how to specify the PLAIN authentication mechanism in a connection string URI by using the following placeholders:

  • username: Your LDAP username

  • password: Your LDAP password

  • hostname: The network address of your MongoDB server

let uri = "mongodb://<username>:<password>@<hostname>/?authSource=$external&authMechanism=PLAIN";

Additional Information

To learn more about the concepts in this guide, see the following documentation:

API Documentation

To learn more about the methods and types mentioned in this guide, see the following API documentation:

Back

Authentication Mechanisms

Next

CRUD Operations