Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Topik ini menunjukkan cara mengonfigurasi MongoDB untuk integrasi dengan
Layanan Terkelola untuk Microsoft Active Directory. Prosedur berikut diverifikasi untuk MongoDB Enterprise,
versi 4.0 dan 4.2.
Pertama, deploy MongoDB ke Google Cloud. Untuk kompatibilitas dengan Active Directory,
pastikan untuk menginstal versi MongoDB yang mendukung autentikasi LDAP, seperti
MongoDB Enterprise Edition. Anda dapat menginstal MongoDB di instance Compute Engine atau men-deploy MongoDB di Google Kubernetes Engine.
Buka direktori ./mongo-k8s-sidecar/example/StatefulSet/.
Buka mongo-statefulset.yaml
Ganti image: mongo dengan image: path to gcr
Mengonfigurasi Autentikasi
Selanjutnya, konfigurasikan autentikasi. AD Microsoft yang Terkelola dapat digunakan sebagai backend
LDAP untuk autentikasi. Anda dapat memilih LDAP atau Kerberos.
Untuk mengonfigurasi autentikasi, gunakan nilai konfigurasi untuk menyelesaikan salah satu prosedur penyiapan berikut:
security.ldap.transportSecurity: Tetapkan ke none untuk menonaktifkan TLS/SSL.
Di Microsoft AD Terkelola, pengguna dibuat di bagian Cloud OU. Anda harus menggunakan
nama unik untuk resource dan grup yang dibuat di bagian Cloud OU.
Misalnya, untuk pengguna dba, Anda akan menggunakan nama unik,
"CN=dba,OU=Cloud,DC=cloudad,DC=gke,DC=com".
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-11 UTC."],[],[],null,["# Connect MongoDB\n\nThis topic shows you how to configure MongoDB for integration with\nManaged Service for Microsoft Active Directory. The following procedure is verified for MongoDB Enterprise,\nversions 4.0 and 4.2.\n\nBefore you begin\n----------------\n\nBefore configuring MongoDB,\n[create a Managed Microsoft AD domain](/managed-microsoft-ad/docs/quickstart-create-domain).\n\nDeploying MongoDB\n-----------------\n\nFirst, deploy MongoDB to Google Cloud. For compatibility with Active Directory,\nbe sure to install a version of MongoDB that supports LDAP authentication, such\nas MongoDB Enterprise Edition. You can install MongoDB on a Compute Engine\ninstance or you can deploy MongoDB on Google Kubernetes Engine.\n\n### On a Compute Engine instance\n\nTo install MongoDB as a standalone package on a Compute Engine instance,\n[complete the steps in the MongoDB Enterprise installation](https://docs.mongodb.com/manual/administration/install-enterprise/).\n\n### On a Google Kubernetes Engine container\n\nTo deploy MongoDB on Google Kubernetes Engine container, complete the following steps:\n\n1. Complete the [Running a MongoDB Database in Kubernetes with StatefulSets Codelab](https://codelabs.developers.google.com/codelabs/cloud-mongodb-statefulset/index.html?index=..%2F..index#0).\n2. Go to the `./mongo-k8s-sidecar/example/StatefulSet/` directory.\n3. Open `mongo-statefulset.yaml`\n4. Replace `image: mongo` with `image: path to gcr`\n\nConfiguring Authentication\n--------------------------\n\nNext, configure authentication. Managed Microsoft AD can be used as an LDAP\nbackend for authentication. You can choose LDAP or Kerberos.\n\nTo configure authentication, use the [configuration values](#values) to complete\none of the following setup procedures:\n\n- To set up authentication using LDAP, [complete the MongoDB LDAP tutorial](https://docs.mongodb.com/v4.0/tutorial/authenticate-nativeldap-activedirectory/).\n- To set up authentication using Kerberos, [complete the MongoDB Kerberos tutorial](https://docs.mongodb.com/v4.0/tutorial/kerberos-auth-activedirectory-authz/).\n\n### Authentication configuration values\n\nUse the following values to configure authentication:\n\n- `security.ldap.server`: Use the FQDN you provided for the domain during setup.\n- `security.ldap.userToDNMapping`: Use the domain name of domain provided in `ldapQuery`.\n - Example: `ldapQuery: \"DC=cloudad,DC=gke,DC=com??sub?(userPrincipalName={0})\"`\n- `security.ldap.server.authz`: Use domain name of domain provided in `queryTemplate`.\n - Example: `queryTemplate: \"DC=cloudad,DC=gke,DC=com??sub?(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={USER}))\"`\n- `security.ldap.transportSecurity`: Set to `none` to disable TLS/SSL.\n\nIn Managed Microsoft AD, users are created under `Cloud OU`. You should use\nthe distinguished name for the resources and groups created under `Cloud OU`.\nFor example, for user `dba`, you would use the distinguished name,\n`\"CN=dba,OU=Cloud,DC=cloudad,DC=gke,DC=com\"`."]]
