If you have a MongoDB Enterprise license, you can take advantage of two authentication methods supported by the MongoDB Enterprise Server: LDAP and Kerberos. This article provides a brief overview of how they work and where you can find information about how they are supported in MongoDB. Studio 3T Ultimate edition supports both LDAP and Kerberos.
What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a protocol used to access directory servers for authenticating and authorizing users.
If you’re using a database that supports the protocol, such as MongoDB, think of LDAP as a layer that sits on top of it, letting you authenticate and authorize users centrally by running LDAP-specific queries. No complex cryptography, just straightforward lookups.
LDAP authentication in MongoDB
MongoDB Enterprise queries the LDAP server to find the LDAP groups for the authenticated user and authorizes the user based on their roles and privileges. You can find a summary of how MongoDB Enterprise Server supports LDAP authorization in the MongoDB documentation.
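A mongod.conf fragment for the group lookup described above, added here as an example and not part of the original article. The host name, DNs, service account, certificate path and group name are constructed placeholders.

```yaml
# mongod.conf (MongoDB Enterprise) - constructed example values throughout
net:
  tls:
    mode: requireTLS                 # PLAIN sends the user's password to mongod, so encrypt client connections
    certificateKeyFile: /etc/ssl/mongod.pem   # placeholder path
security:
  authorization: enabled
  ldap:
    servers: "ldap.example.com"      # placeholder host
    transportSecurity: tls           # the default; "none" would expose bind credentials on the wire
    bind:
      method: simple
      queryUser: "cn=mongod-svc,ou=services,dc=example,dc=com"   # placeholder read-only service account
      queryPassword: "<from-secret-store>"                       # placeholder, keep out of version control
    # Turn the login name into a full DN before the group lookup.
    userToDNMapping: '[{ match: "(.+)", ldapQuery: "ou=people,dc=example,dc=com??sub?(uid={0})" }]'
    authz:
      # {USER} is replaced by the mapped DN; the attribute values returned are the user's groups.
      queryTemplate: "{USER}?memberOf?base"
setParameter:
  authenticationMechanisms: "PLAIN"  # LDAP proxy authentication

# Each returned group DN is matched against a role of the same name in the
# admin database, e.g. a role named "cn=dba,ou=groups,dc=example,dc=com"
# that inherits readWriteAnyDatabase. Groups with no matching role grant nothing.
```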
What is Kerberos?
Kerberos is a protocol that uses strong key cryptography for authentication in large client-server systems, unlike LDAP, which checks key-value pairs such as username and password to authenticate users.
Each client or local machine lives within a “realm” – think of it as the scope of assets or services it’s allowed to access. The realm holds a secret key which serves as proof of identity whenever it sends a request to what’s called the Key Distribution Center (KDC). The authentication server within the KDC takes this secret key to request an access-granting “ticket” from the ticket-granting server, also within the KDC. The ticket is granted only after a series of successful mutual authentications between the client and the KDC, and the ticket then gives the user access to the requested service.
Kerberos authentication in MongoDB
MongoDB Enterprise provides support for Kerberos authentication of MongoDB clients. You can find a summary of how MongoDB Enterprise Server supports Kerberos authentication in the MongoDB documentation, including the full list of compatible MongoDB drivers and information about Linux and Windows configurations.
Certified for MongoDB Enterprise
Studio 3T is a certified MongoDB Enterprise partner. Studio 3T Ultimate edition fully integrates with MongoDB Enterprise Server and makes it easy to deploy both LDAP and Kerberos authentication across your organization.
Studio 3T Ultimate edition
Built especially for teams that deploy MongoDB in enterprises, Studio 3T Ultimate edition unlocks a full suite of advanced features. Use data masking to protect sensitive data, generate query code in different languages, use SQL to query MongoDB, and seamlessly migrate from MongoDB to SQL and SQL to MongoDB to create efficient workflows that save time and effort.
This article was originally published by Kathryn Vargas and has since been updated.