Hi @mdiorio,
Yes, when you use LDAP authorization you don’t need to create users in the $external db. This is true for PSMDB too. You still use $external as the authentication db, but there is no need to create users there.
General description of LDAP authorization is here: https://docs.mongodb.com/manual/core/security-ldap-external/
Example of using AD for LDAP authorization is here: https://docs.mongodb.com/manual/tutorial/authenticate-nativeldap-activedirectory/
LDAP authorization is supported in PSMDB versions 4.2.5-5, 4.0.18-11, and will be supported in an upcoming version based on 3.6.18.
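
An added configuration sketch for the setup described in the reply above (not part of the original post and not taken from the Percona or MongoDB documentation verbatim). The hostname, DNs, group name and password are constructed placeholders; the option names are the standard `security.ldap` settings.

```yaml
# mongod.conf fragment: native LDAP authentication plus LDAP authorization.
# All hostnames, DNs and credentials below are constructed placeholders.
security:
  authorization: enabled
  ldap:
    servers: "ldap.example.com"
    transportSecurity: tls          # keep bind credentials off the wire in clear text
    bind:
      queryUser: "cn=mongo-svc,ou=services,dc=example,dc=com"
      queryPassword: "<service-account-password>"
    # Map the login name the client supplies to a full LDAP DN.
    userToDNMapping: '[{"match": "(.+)", "ldapQuery": "ou=people,dc=example,dc=com??sub?(uid={0})"}]'
    authz:
      # Return the groups the authenticated user belongs to.
      # {USER} is replaced with the mapped DN of the user.
      queryTemplate: "ou=groups,dc=example,dc=com??sub?(&(objectClass=groupOfNames)(member={USER}))"
setParameter:
  authenticationMechanisms: PLAIN,SCRAM-SHA-256

# No db.getSiblingDB("$external").createUser(...) is needed with this setup.
# Instead, each group DN returned by queryTemplate is matched against a role
# of the same name in the admin database, created once by an administrator:
#
#   db.getSiblingDB("admin").createRole({
#     role: "cn=dba,ou=groups,dc=example,dc=com",
#     privileges: [],
#     roles: ["readWriteAnyDatabase"]
#   })
#
# Clients still authenticate against $external, for example:
#   --authenticationDatabase '$external' --authenticationMechanism PLAIN
```

Because privileges follow LDAP group membership, review who can edit those groups in the directory and grant each mapped role only the built-in roles it needs.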