mongocli atlas security ldap verify
The security ldap verify command verifies an LDAP
configuration for an Atlas project. You
can also verify an LDAP configuration for
an Atlas project using the Atlas API.
You can run the
mongocli atlas security ldap verify status command
to retrieve the status of the most recent verification
request. If the security ldap verify command returns
Pending status, you can run the
mongocli atlas security ldap verify status watch
command to watch for the LDAP configuration to complete.
Syntax
mongocli atlas security ldap verify [ --authzQueryTemplate <LDAP-query-template> ] --bindPassword <bind-password> --bindUsername <bind-username> [ --caCertificate <CA-certificate> ] --hostname <LDAP-server-hostname> [ --output|-o <output-format> ] [ --port ] [ --profile|-P <name-of-profile> ] [ --projectId <id-of-project> ]
Note
Use -h or --help to view the command-line help for
this command.
Options
Option | Type | Description | Required? | |
|---|---|---|---|---|
--authzQueryTemplate | string | LDAP query template that Atlas executes to obtain the
LDAP groups to which the authenticated user belongs. The
query is relative to the host specified with the The query format must conform to RFC 4515 and RFC 4516. Use the If omitted, Atlas attemps to use the defautl value: Atlas uses this for user authorization only. | no | |
--bindPassword | string | Password that Atlas uses to authenticate the
bindUsername. | yes | |
--bindUsername | string | User distinguished name (DN) that Atlas uses to connect
to the LDAP server. Value must be the full DN, such as
CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com. | yes | |
--caCertificate | string | CA certificate that Atlas uses to verify the identity of
the LDAP server. Atlas accepts self-signed certificates. | no | |
--hostname | string | Hostname or IP address of the LDAP server. The server must be
accessible from the public internet or peered to your Atlas cluster
with Network Peering. | ||
--output, -o | string | Command output format. Valid values are:
If omitted, the command returns output in the default format. | no | |
--port | int | Port that the LDAP server listens for client connections. If
omitted, defaults to 636. | no | |
--profile, -P | string | Name of the profile to use for accessing the Atlas
project. If omitted, uses the default profile. | no | |
--projectId | string | Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable. | yes |
Output
If the command succeeds, it returns the following output in the default format. If the command returns errors, see Troubleshooting for recommended solutions.
REQUEST ID PROJECT ID STATUS <verification-request-ID> <atlas-project-ID> <verification-status>
The default output contains a subset of the fields returned by this command. For the complete list of JSON fields returned by the command, see the API reference.
Example
The following example uses the mongocli atlas security ldap verify
command to verify an LDAP configuration for user authentication and
authorization. The command uses the default profile for accessing
the Atlas project.
mongocli atlas security ldap verify --hostname atlas-ldaps-01.ldap.myteam.com --bindUsername "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com" --bindPassword changeMe
The previous command prints the following to the terminal:
REQUEST ID PROJECT ID STATUS 5fa1accd0bcb85015ae351b1 5e2211c17a3e5a48f5497de3 PENDING
mongocli atlas security ldap verify --hostname atlas-ldaps-01.ldap.myteam.com --bindUsername "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com" --bindPassword changeMe --output json
The previous command prints the following fields to the terminal:
{ "requestId": "5fa1acd72aa32073c6e59c34", "groupId": "5e2211c17a3e5a48f5497de3", "request": { "hostname": "atlas-ldaps-01.ldap.myteam.com", "port": 636, "bindUsername": "CN=Administrator,CN=Users,DC=atlas-ldaps-01,DC=myteam,DC=com" }, "status": "PENDING", "links": [ { "rel": "self", "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5e2211c17a3e5a48f5497de3/userSecurity/ldap/verify/5fa1acd72aa32073c6e59c34" } ] }