DOCS-10984 Fix duplicate 'the' #3077

Merged
merged 1 commit into from
Nov 6, 2017
30 changes: 15 additions & 15 deletions source/core/security-ldap-external.txt
Expand Up @@ -26,8 +26,8 @@ LDAP Authorization
The LDAP Authorization process is summarized below:

#. A client connects to MongoDB and performs authentication with any
:ref:`authentication <authentication>` mechanism that
:ref:`supports external authentication
:ref:`authentication <authentication>` mechanism that
:ref:`supports external authentication
<security-ldap-external-compatibility>`.

#. MongoDB binds to to the LDAP server specified with :setting:`security.ldap.servers`
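
Review bot: the trailing context line of this hunk still reads "MongoDB binds to to the LDAP server", a doubled word of the same kind this change sets out to fix. Suggest changing it to "MongoDB binds to the LDAP server" in the same commit; the changed lines above it differ only in trailing whitespace.
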
Expand All @@ -38,10 +38,10 @@ The LDAP Authorization process is summarized below:
instead if configured in :setting:`security.ldap.bind.method` and
:setting:`security.ldap.bind.saslMechanisms`.

#. MongoDB constructs an LDAP query using the
#. MongoDB constructs an LDAP query using the
:setting:`security.ldap.authz.queryTemplate` and queries the LDAP server for
the authenticated user's group membership.

MongoDB can use the :setting:`security.ldap.userToDNMapping` option to
transform the username for supporting the query template.

Expand Down Expand Up @@ -103,7 +103,7 @@ To manage roles on the MongoDB server, authenticate as a user whose group
membership corresponds to a ``admin`` database role with role administration
privileges, such as those provided by :authrole:`userAdmin`. Create or update
roles corresponding to LDAP group DNs such that users with membership in that
group receive the appropriate roles and privileges.
group receive the appropriate roles and privileges.

For example, an LDAP group for database administrators might have a role with
administrative roles and privileges. An LDAP group for marketing or analytics
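
Review bot: the first context line of this hunk reads "corresponds to a ``admin`` database role"; the article should be "an". Since the hunk already touches this paragraph for whitespace, suggest correcting it to "an ``admin`` database role" here as well.
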
Expand All @@ -121,15 +121,15 @@ non-``$external`` user with these privileges exists, you effectively cannot
perform user management, as no new or existing roles can be altered to reflect
additions or changes to groups or group membership on the LDAP server.

To remedy a scenario where you cannot manage roles on the MongoDB server,
To remedy a scenario where you cannot manage roles on the MongoDB server,
perform the following procedure:

#. Restart the MongoDB server without authentication and LDAP authorization

#. Create a role on the ``admin`` database whose name corresponds to the
appropriate LDAP group Distinguished Name. When choosing a group DN,
consider which group is most appropriate for database administration.

#. Restart the MongoDB server with authentication and LDAP authorization

#. Authenticate as a user with membership in the group corresponding to the
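
Review bot: the first step of the recovery procedure ("Restart the MongoDB server without authentication and LDAP authorization") leaves the server accepting unauthenticated connections until the later restart, and the text gives no guidance on limiting exposure during that window. Suggest adding a sentence telling the operator to restrict network access while the server runs this way, for example by binding only to localhost. The two "Restart ..." steps also lack the closing period the other steps have.
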
Expand Down Expand Up @@ -204,7 +204,7 @@ configuration file:
template executed by MongoDB to obtain the LDAP groups to
which the user belongs to. The query is relative to the host or hosts
specified in :setting:`~security.ldap.servers`.

Use the ``{USER}`` special placeholder to substitute the authenticated
username, or the :setting:`transformed <security.ldap.userToDNMapping>`
username, into the LDAP query.
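
Review bot: the context at the top of this hunk reads "the LDAP groups to which the user belongs to", which repeats the preposition. Suggest dropping the trailing "to" so it reads "the LDAP groups to which the user belongs", as this commit is already cleaning up doubled words in this file.
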
Expand Down Expand Up @@ -272,7 +272,7 @@ configuration file:

- Depending on your :setting:`~security.ldap.queryTemplate`, the
authenticated client username may require transformation to support the
the LDAP query URL. :setting:`~security.ldap.userToDNMapping` allows
LDAP query URL. :setting:`~security.ldap.userToDNMapping` allows
MongoDB to transform incoming usernames.

- **NO**, unless client usernames require transformation into LDAP DNs.
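
Review bot: the line just above the "the the" fix references :setting:`~security.ldap.queryTemplate`, while every other reference in this file's hunks uses :setting:`security.ldap.authz.queryTemplate`. If the ``authz`` segment is missing here, the role will not resolve to the intended setting; suggest confirming the target and using :setting:`~security.ldap.authz.queryTemplate` for consistency.
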
Expand All @@ -288,7 +288,7 @@ authenticated user's groups. If MongoDB transformed the username using
:setting:`~security.ldap.userToDNMapping`, MongoDB replaces the ``{USER}``
token with the transformed username when constructing the LDAP query URL.

.. example::
.. example::

The following query template returns any groups listed in the
LDAP user object's ``memberOf`` attribute. This query assumes the ``memberOf``
Expand Down Expand Up @@ -359,19 +359,19 @@ shell must:
- set :option:`--authenticationDatabase` to ``$external``.

- set :option:`authenticationMechanism` to the appropriate authentication
mechanism.
mechanism.

If using :ref:`LDAP authentication <security-ldap>`, set this to ``PLAIN``.

If using :ref:`Kerberos authentication <security-kerberos>`, set this to
``GSSAPI``.

If using :ref:`x.509 <security-auth-x509>`, set this to ``MONGODB-X.509``.

- set :option:`--username` to a username that respects the
:setting:`security.ldap.authz.queryTemplate`, or any configured
:setting:`security.ldap.userToDNMapping` template.

- set :option:`--password` to the appropriate password.

Include the :option:`--host` and :option:`--port` of the MongoDB server,
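
Review bot: in the second bullet, :option:`authenticationMechanism` is written without the leading ``--`` that the neighbouring bullets use (:option:`--authenticationDatabase`, :option:`--username`, :option:`--password`). Suggest :option:`--authenticationMechanism` so the reference matches the command-line flag and the other bullets.
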