Last updated (UTC): 2025-08-11.

# Connect MongoDB

This topic shows you how to configure MongoDB for integration with
Managed Service for Microsoft Active Directory. The following procedure is verified for MongoDB Enterprise,
versions 4.0 and 4.2.

Before you begin
----------------

Before configuring MongoDB,
[create a Managed Microsoft AD domain](/managed-microsoft-ad/docs/quickstart-create-domain).

Deploying MongoDB
-----------------

First, deploy MongoDB to Google Cloud. For compatibility with Active Directory,
be sure to install a version of MongoDB that supports LDAP authentication, such
as MongoDB Enterprise Edition. You can install MongoDB on a Compute Engine
instance or you can deploy MongoDB on Google Kubernetes Engine.

### On a Compute Engine instance

To install MongoDB as a standalone package on a Compute Engine instance,
[complete the steps in the MongoDB Enterprise installation](https://docs.mongodb.com/manual/administration/install-enterprise/).

### On a Google Kubernetes Engine container

To deploy MongoDB in a Google Kubernetes Engine container, complete the following steps:

1. Complete the [Running a MongoDB Database in Kubernetes with StatefulSets Codelab](https://codelabs.developers.google.com/codelabs/cloud-mongodb-statefulset/index.html?index=..%2F..index#0).
2. Go to the `./mongo-k8s-sidecar/example/StatefulSet/` directory.
3. Open `mongo-statefulset.yaml`.
4. Replace `image: mongo` with `image: path to gcr`.

Configuring Authentication
--------------------------

Next, configure authentication. Managed Microsoft AD can be used as an LDAP
backend for authentication. You can choose LDAP or Kerberos.

To configure authentication, use the [configuration values](#values) to complete
one of the following setup procedures:

- To set up authentication using LDAP, [complete the MongoDB LDAP tutorial](https://docs.mongodb.com/v4.0/tutorial/authenticate-nativeldap-activedirectory/).
- To set up authentication using Kerberos, [complete the MongoDB Kerberos tutorial](https://docs.mongodb.com/v4.0/tutorial/kerberos-auth-activedirectory-authz/).

### Authentication configuration values

Use the following values to configure authentication:

- `security.ldap.server`: Use the FQDN you provided for the domain during setup.
- `security.ldap.userToDNMapping`: In `ldapQuery`, use the domain name of your domain.
  - Example: `ldapQuery: "DC=cloudad,DC=gke,DC=com??sub?(userPrincipalName={0})"`
- `security.ldap.server.authz`: In `queryTemplate`, use the domain name of your domain.
  - Example: `queryTemplate: "DC=cloudad,DC=gke,DC=com??sub?(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={USER}))"`
- `security.ldap.transportSecurity`: Set to `none` to disable TLS/SSL.

In Managed Microsoft AD, users are created under `Cloud OU`. Use
the distinguished name for the resources and groups created under `Cloud OU`.
For example, for user `dba`, you would use the distinguished name
`"CN=dba,OU=Cloud,DC=cloudad,DC=gke,DC=com"`.
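
The values above, assembled for one domain, as an added example that is not part of the original documentation: this Python helper derives the `DC=` base DN from the domain FQDN, renders the `security.ldap` block using the key paths of the mongod configuration file (`servers`, `authz.queryTemplate`), and builds escaped `Cloud OU` distinguished names. The function names and the catch-all `match` pattern are assumptions; `transportSecurity` defaults to `tls`, which is MongoDB's default, and `none` is written only when requested.

```python
import re

def base_dn(fqdn: str) -> str:
    """Turn an AD domain FQDN into DC= form: cloudad.gke.com -> DC=cloudad,DC=gke,DC=com."""
    labels = fqdn.strip().rstrip(".").split(".")
    if len(labels) < 2 or not all(re.fullmatch(r"[A-Za-z0-9-]{1,63}", l) for l in labels):
        raise ValueError(f"not a usable AD domain FQDN: {fqdn!r}")
    return ",".join(f"DC={label}" for label in labels)

def escape_rdn(value: str) -> str:
    """Escape characters RFC 4514 treats as special so a name cannot change the DN structure."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def cloud_ou_dn(name: str, fqdn: str) -> str:
    """DN of a user or group that Managed Microsoft AD created under the Cloud OU."""
    return f"CN={escape_rdn(name)},OU=Cloud,{base_dn(fqdn)}"

def ldap_section(fqdn: str, transport_security: str = "tls") -> str:
    """Render the security.ldap block of mongod.conf for the given domain."""
    if transport_security not in ("tls", "none"):
        raise ValueError("transportSecurity must be 'tls' or 'none'")
    host = fqdn.strip().rstrip(".")
    base = base_dn(host)
    user_query = f"{base}??sub?(userPrincipalName={{0}})"
    group_query = f"{base}??sub?(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{USER}}))"
    # Assumption: one catch-all match rule; the page only specifies the ldapQuery value.
    mapping = '[{match: "(.+)", ldapQuery: "%s"}]' % user_query
    return "\n".join([
        "security:",
        "  ldap:",
        f'    servers: "{host}"',
        f"    transportSecurity: {transport_security}",
        f"    userToDNMapping: '{mapping}'",
        "    authz:",
        f'      queryTemplate: "{group_query}"',
    ])

if __name__ == "__main__":
    print(ldap_section("cloudad.gke.com"))        # domain name taken from the page's examples
    print(cloud_ou_dn("dba", "cloudad.gke.com"))  # CN=dba,OU=Cloud,DC=cloudad,DC=gke,DC=com
```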