Note
Starting in MongoDB 8.0, LDAP authentication and authorization is deprecated. LDAP is available and will continue to operate without changes throughout the lifetime of MongoDB 8. LDAP will be removed in a future major release.从MongoDB 8.0开始,LDAP身份验证和授权被弃用。LDAP是可用的,并将在MongoDB 8的整个生命周期内继续运行而不做任何更改。LDAP将在未来的主要版本中删除。
For details, see LDAP Deprecation.有关详细信息,请参阅LDAP弃用。
Enabling access control on a MongoDB deployment enforces authentication. With access control enabled, users are required to identify themselves and can only perform actions that adhere to the permissions granted by the roles assigned to their user.在MongoDB部署上启用访问控制会强制执行身份验证。启用访问控制后,用户需要标识自己,并且只能执行符合分配给其用户的角色授予的权限的操作。
You can configure authentication in the UI for deployments hosted in MongoDB Atlas.您可以在MongoDB Atlas中托管的部署的UI中配置身份验证。
Note
You can't disable access control in MongoDB Atlas.您无法在MongoDB Atlas中禁用访问控制。
Access Control Resources访问控制资源
If you would like to enable access control for a standalone MongoDB instance, please refer to one of the following resources:如果您想为独立的MongoDB实例启用访问控制,请参阅以下资源之一:
Use SCRAM to Authenticate Clients on Self-Managed Deployments使用SCRAM对自我管理部署上的客户端进行身份验证Use X.509 Certificates to Authenticate Clients on Self-Managed Deployments使用X.509证书对自我管理部署上的客户端进行身份验证Configure Self-Managed MongoDB with Kerberos Authentication on Linux在Linux上配置具有Kerberos身份验证的自管理MongoDBConfigure Self-Managed MongoDB with Kerberos Authentication on Windows在Windows上配置具有Kerberos身份验证的自管理MongoDBConfigure Self-Managed MongoDB with Kerberos and Active Directory Authorization使用Kerberos和活动目录授权配置自管理MongoDBAuthenticate Using Self-Managed SASL and LDAP with ActiveDirectory通过活动目录使用自管理SASL和LDAP进行身份验证Authenticate Using Self-Managed SASL and LDAP with OpenLDAP通过OpenLDAP使用自管理SASL和LDAP进行身份验证Configure Users Using Self-Managed Active Directory with Native LDAP使用具有本机LDAP的自管理活动目录配置用户Authentication and Authorization with OIDC/OAuth 2.0使用OIDC/OAuth 2.0进行身份验证和授权
If you would like to enable access control for a replica set or a sharded cluster, please refer to one of the following resources:如果要为副本集或分片群集启用访问控制,请参阅以下资源之一:
Deploy Self-Managed Replica Set With Keyfile Authentication使用键文件身份验证部署自我管理副本集Update Self-Managed Replica Set to Keyfile Authentication将自我管理副本集更新为键文件身份验证Update Self-Managed Replica Set to Keyfile Authentication (No Downtime)将自我管理副本集更新为键文件身份验证(无停机时间)Deploy Self-Managed Sharded Cluster with Keyfile Authentication部署具有键文件身份验证的自我管理分片集群Update Self-Managed Sharded Cluster to Keyfile Authentication将自我管理的分片集群更新为键文件身份验证Update Self-Managed Sharded Cluster to Keyfile Authentication (No Downtime)将自我管理的分片群集更新为键文件身份验证(无停机)Configure Self-Managed MongoDB with Kerberos Authentication on Linux在Linux上配置具有Kerberos身份验证的自管理MongoDBConfigure Self-Managed MongoDB with Kerberos Authentication on Windows在Windows上配置具有Kerberos身份验证的自管理MongoDBConfigure Self-Managed MongoDB with Kerberos and Active Directory Authorization使用Kerberos和活动目录授权配置自管理MongoDBAuthenticate Using Self-Managed SASL and LDAP with ActiveDirectory通过活动目录使用自管理SASL和LDAP进行身份验证Authenticate Using Self-Managed SASL and LDAP with OpenLDAP通过OpenLDAP使用自管理SASL和LDAP进行身份验证Configure Users Using Self-Managed Active Directory with Native LDAP使用具有本机LDAP的自管理活动目录配置用户
Next Steps后续步骤
To create additional users, see Create a User on Self-Managed Deployments.要创建其他用户,请参阅在自我管理部署上创建用户。
To manage users, assign roles, and create custom roles, see Manage Users and Roles on Self-Managed Deployments.要管理用户、分配角色和创建自定义角色,请参阅在自我管理部署上管理用户和角色。