If you have a MongoDB Enterprise license, you can take advantage of two authentication methods supported by the MongoDB Enterprise server: LDAP and Kerberos. They’re quite different from one another, so here’s a short overview to help determine which authentication method might better suit your enterprise needs and setup resources.
What is LDAP?
Short for Lightweight Directory Access Protocol, LDAP is a protocol used to access directory servers. If you’re using databases (like MongoDB) which support the protocol, think of LDAP as the layer that sits on top of them, enabling you to centrally authorize and authenticate users by running LDAP-specific queries. No complex cryptography, just straightforward lookups.
LDAP Authentication in MongoDB
As of Version 3.4, MongoDB Enterprise Server supports LDAP authorization. MongoDB has prepared quite thorough documentation on MongoDB LDAP authentication, but be warned: the LDAP topic is so broad that even the documentation assumes those tasked with the setup are already familiar with the protocol.
What is Kerberos?
Unlike LDAP, which checks for key-value pairs like username-password to authenticate users, Kerberos uses strong key cryptography.
Each client or local machine lives within a “realm” – think of it as the scope of assets or services it’s allowed to access – and holds a secret key which serves as proof of identity whenever it sends a request to what’s called the Key Distribution Center or KDC. The authentication server within the KDC takes this secret key to request an access-granting “ticket” from the ticket-granting server, also within the KDC. The ticket is granted only after a series of successful mutual authentication steps between the client and the KDC, which then gives the user access to the requested service.
Kerberos Authentication in MongoDB
MongoDB Enterprise has supported Kerberos authentication since Version 2.4. You can find the full list of compatible MongoDB drivers and the complete documentation for various configuration scenarios (e.g. Linux, Windows) here.
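To make the comparison concrete, here is an added configuration sketch (not taken from MongoDB's or Studio 3T's documentation) showing where each method is switched on in a MongoDB Enterprise `mongod.conf`. All hostnames, DNs, file paths and the realm name are constructed placeholders.

```yaml
# mongod.conf sketch for MongoDB Enterprise. Hostnames, DNs, paths and the
# realm are constructed placeholders, not values from the article.
security:
  authorization: enabled
  ldap:
    servers: "ldap.example.com"
    # "tls" is the default. "none" would expose the bind password and every
    # user password mongod forwards to the directory.
    transportSecurity: tls
    bind:
      method: simple
      queryUser: "cn=mongo-svc,ou=services,dc=example,dc=com"
      queryPassword: "<read-only-service-account-password>"
    # Transform the login name into a directory DN.
    userToDNMapping: '[{ match: "(.+)", ldapQuery: "ou=people,dc=example,dc=com??sub?(uid={0})" }]'
    # Optional LDAP authorization (3.4+): group DNs returned by this query
    # are matched against role names in the admin database.
    authz:
      queryTemplate: "{USER}?memberOf?base"

net:
  tls:                      # named net.ssl before MongoDB 4.2
    mode: requireTLS        # PLAIN carries the password from client to mongod
    certificateKeyFile: /etc/ssl/mongod.pem

setParameter:
  # PLAIN  = LDAP (mongod proxies the password to the directory)
  # GSSAPI = Kerberos (client presents a service ticket, no password sent)
  authenticationMechanisms: PLAIN,GSSAPI

# Kerberos side (Linux): mongod reads its service key from the keytab named
# by the KRB5_KTNAME environment variable, for a principal of the form
#   mongodb/db1.example.com@EXAMPLE.COM
# When the authz block is not used, each Kerberos principal is added as a
# user in the $external database.
```

The practical difference shows up in the last section: with PLAIN the user's password crosses the wire to mongod and on to the directory, so TLS on both hops is what protects it, while with GSSAPI only Kerberos tickets are exchanged.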
Studio 3T Enterprise makes it easy to deploy both LDAP and Kerberos authentication across your company – and a whole lot more.
Built especially for professional teams, our Enterprise edition unlocks a full suite of advanced features, such as polyglot query code generation, the ability to use SQL to query MongoDB, and seamless import/export between MongoDB and SQL, that are sure to save your team time and effort.