LDAP authorization with Percona MongoDB

Hi,

I have used LDAP authentication with Percona MongoDB. Now I am looking for LDAP authorization with Percona MongoDB. But on Stack Overflow I saw a comment saying it's not yet ready and is on the roadmap (Percona MongoDB LDAP Auth - Stack Overflow).
Can someone from the Percona MongoDB team please confirm whether LDAP authorization with Percona MongoDB is in use or not? If yes, please share suggested links here.

Thank you.

1 Like

We support LDAP Authorization in Percona Server for MongoDB 4.4
https://www.percona.com/doc/percona-server-for-mongodb/LATEST/authentication.html#ldap-authorization

1 Like

Hi @vadimtk, thanks for the response. In the link which you shared, it is not clearly explained how to configure authorization with LDAP. It mentions a "see also" and adds the MongoDB Enterprise configuration link [https://docs.mongodb.com/manual/core/security-ldap-external/]. Should I follow the same MongoDB configuration for the Percona MongoDB conf also? Can you please clarify this for me? I tried to create the same role names with the LDAP group DNs but it did not work.

1 Like

Hey, hi @adamo.tonete, I saw your post on Percona MongoDB authentication. Here I would like to add the authorization part, which comes with LDAP groups/roles. I have gone through many blogs but no luck, and I even tried on my own, still no luck. Can you please help me out here with how I can manage authorization?

1 Like

Can someone from the Percona team help me to configure authorization for MongoDB with LDAP?
I have searched many blogs and sites but am still not able to find the right solution for this.

1 Like

Hi Khasim, to configure authorization you will need to figure out the query to map your LDAP roles to MongoDB groups. See my blog here for a step by step guide: Authenticate Percona Server for MongoDB Users via Native LDAP - Percona Database Performance Blog
What is the specific issue you are having?

1 Like

Hi @Ivan_Groenewold, thanks for your response. I have configured sasl_authd for LDAP authentication and am trying only LDAP authorization with the mongod configuration. Will this work, or should I configure the authentication conf also in the mongod conf file? Yeah, you are right, I might have missed preparing the correct query template.

1 Like

I suggest using the built-in auth mostly nowadays but it still should work

1 Like

Hi @Ivan_Groenewold, thanks for your reply. I think my queryTemplate construct is the issue here. I have gone through your blog post Percona Server for MongoDB LDAP Enhancements: User-to-DN Mapping - Percona Database Performance Blog
There you explained userToDNMapping very well. And at the end you mentioned "Stay tuned for more info on new PSMDB features such as LDAP authorization (security.ldap.authz.queryTemplate config option) and others."

Has that queryTemplate blog also been released? If yes, can you please share its link here?

1 Like

I think that is just a generic sentence that is added to all MongoDB blogs. To test your query template you can download mongoldap tool. It also works with Percona distribution.

1 Like
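
An added sketch, not part of the thread and not Percona's code: before pointing mongoldap at a server, it helps to see which LDAP search a `security.ldap.authz.queryTemplate` value describes and where the group DNs will come from. It assumes the relative RFC 4516 form `base?attributes?scope?filter` with the `{USER}` placeholder that MongoDB documents for this option; the helper names and the DNs used with it are constructed.

```python
from typing import NamedTuple

SCOPES = ("base", "one", "sub")  # RFC 4516 scope keywords
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


class LdapSearch(NamedTuple):
    base: str
    attributes: list
    scope: str
    filter: str
    roles_from: str  # where the group DNs (matched against role names) come from


def escape_filter_value(value):
    """RFC 4515 escaping, so a DN containing '(' or '*' cannot alter the filter.
    This is the sketch's own choice, not a statement about server behaviour."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_query_template(template, user_dn):
    """Hypothetical helper: expand a queryTemplate into the search it describes."""
    if "{USER}" not in template:
        # A user-independent query would hand every user the same groups.
        raise ValueError("template never references {USER}")
    fields = template.split("?")
    if len(fields) > 4:
        raise ValueError("expected at most base?attributes?scope?filter")
    base, attrs, scope, flt = fields + [""] * (4 - len(fields))
    scope = scope or "base"              # RFC 4516 default scope
    if scope not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}")
    flt = flt or "(objectClass=*)"       # RFC 4516 default filter
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError("filter must be parenthesised")
    attributes = [a for a in attrs.split(",") if a]
    return LdapSearch(
        base=base.replace("{USER}", user_dn),
        attributes=attributes,
        scope=scope,
        filter=flt.replace("{USER}", escape_filter_value(user_dn)),
        # With an attribute list, its values are read as group DNs;
        # without one, the DNs of the matching entries are.
        roles_from="attribute values" if attributes else "entry DNs",
    )
```

Running the resulting base, scope and filter through a manual LDAP search shows the exact group DNs that the role names in the `admin` database are compared against.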