mirror
/
mongo
mirror of https://github.com/mongodb/mongo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SERVER-107074: Update man pages for 8.2 (#39851) 

GitOrigin-RevId: 83d46fb11adff11dc0205bb7507625a7047cdb38
This commit is contained in:
Madison Hoover 2025-08-25 12:20:57 -04:00 committed by MongoDB Bot
parent af3751371f
commit 7adc99556c
5 changed files with 3867 additions and 3611 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1332
debian/mongod.1 vendored
View File

File diff suppressed because it is too large Load Diff

6007
debian/mongodb-parameters.5 vendored
View File

File diff suppressed because it is too large Load Diff

6
debian/mongokerberos.1 vendored
View File

@ -69,9 +69,9 @@ documentation. For configuring MongoDB to authenticate using Kerberos,
please reference the following tutorials: please reference the following tutorials:
.RS .RS
.IP \(bu 2 .IP \(bu 2
\fBConfigure MongoDB with Kerberos Authentication on Linux\f1 \fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Linux\f1
.IP \(bu 2 .IP \(bu 2
\fBConfigure MongoDB with Kerberos Authentication on Windows\f1\&. \fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Windows\f1\&.
.RE .RE
.PP .PP
This document provides a complete overview of all command line options This document provides a complete overview of all command line options
@ -327,7 +327,7 @@ output.
.PP .PP
Specifies a configuration file for runtime configuration options. Specifies a configuration file for runtime configuration options.
The options are equivalent to the command\-line The options are equivalent to the command\-line
configuration options. See \fBConfiguration File Options\f1 for configuration options. See \fBSelf\-Managed Configuration File Options\f1 for
more information. more information.
.PP .PP
\fBmongokerberos\f1\f1 will read the values for \fBmongokerberos\f1\f1 will read the values for

17
debian/mongoldap.1 vendored
View File

@ -1,6 +1,13 @@
.TH mongoldap 1 .TH mongoldap 1
.SH MONGOLDAP .SH MONGOLDAP
\fIMongoDB Enterprise\f1 \fIMongoDB Enterprise\f1
.PP
Starting in MongoDB 8.0, LDAP authentication and authorization is
deprecated. LDAP is available and will continue to operate without
changes throughout the lifetime of MongoDB 8. LDAP will be removed in a
future major release.
.PP
For details, see \fBLDAP Deprecation\f1\&.
.SH SYNOPSIS .SH SYNOPSIS
.PP .PP
MongoDB Enterprise provides MongoDB Enterprise provides
@ -196,11 +203,11 @@ If your connection string specifies \fB"srv_raw:<DNS_NAME>"\f1,
.PP .PP
Specifies a configuration file for runtime configuration options. Specifies a configuration file for runtime configuration options.
The options are equivalent to the command\-line The options are equivalent to the command\-line
configuration options. See \fBConfiguration File Options\f1 for configuration options. See \fBSelf\-Managed Configuration File Options\f1 for
more information. more information.
.PP .PP
\fBmongoldap\f1\f1 uses any configuration options related to \fBLDAP Proxy Authentication\f1 \fBmongoldap\f1\f1 uses any configuration options related to \fBSelf\-Managed LDAP Proxy Authentication\f1
or \fBLDAP Authorization\f1 for testing LDAP authentication or or \fBLDAP Authorization on Self\-Managed Deployments\f1 for testing LDAP authentication or
authorization. authorization.
.PP .PP
Requires specifying \fB\-\-user\f1\f1\&. May accept \fB\-\-password\f1\f1 for Requires specifying \fB\-\-user\f1\f1\&. May accept \fB\-\-password\f1\f1 for
@ -377,7 +384,7 @@ libraries by default. Defer to the documentation associated with each
SASL mechanism for guidance on installation and configuration. SASL mechanism for guidance on installation and configuration.
.PP .PP
If using the \fBGSSAPI\f1 SASL mechanism for use with If using the \fBGSSAPI\f1 SASL mechanism for use with
\fBKerberos Authentication\f1, verify the following for the \fBKerberos Authentication on Self\-Managed Deployments\f1, verify the following for the
\fBmongoldap\f1\f1 host machine: \fBmongoldap\f1\f1 host machine:
.PP .PP
\fBLinux\f1\f1 \fBLinux\f1\f1
@ -492,7 +499,7 @@ authenticate to MongoDB with usernames that are not full LDAP DNs.
Using an \fBLDAP authorization query template\f1\f1 that requires a DN. Using an \fBLDAP authorization query template\f1\f1 that requires a DN.
.IP \(bu 2 .IP \(bu 2
Transforming the usernames of clients authenticating to Mongo DB using Transforming the usernames of clients authenticating to Mongo DB using
different authentication mechanisms (e.g. x.509, kerberos) to a full LDAP different authentication mechanisms (e.g. X.509, kerberos) to a full LDAP
DN for authorization. DN for authorization.
.RE .RE
.PP .PP

116
debian/mongos.1 vendored
View File

@ -1,5 +1,5 @@
.TH mongos 1 .TH mongos 1
.SH MONGOS .SH MONGOS INSTANCES
.SH SYNOPSIS .SH SYNOPSIS
For a \fBsharded cluster\f1, the \fBmongos\f1 For a \fBsharded cluster\f1, the \fBmongos\f1
instances provide the interface between the client applications and the instances provide the interface between the client applications and the
@ -16,12 +16,12 @@ MongoDB disables support for TLS 1.0
encryption on systems where TLS 1.1+ is available. encryption on systems where TLS 1.1+ is available.
.IP \(bu 2 .IP \(bu 2
The \fBmongos\f1\f1 binary cannot connect to \fBmongod\f1\f1 The \fBmongos\f1\f1 binary cannot connect to \fBmongod\f1\f1
instances whose \fBfeature compatibility version (fCV)\f1 is greater instances whose \fBfeature compatibility version (FCV)\f1 is greater
than that of the \fBmongos\f1\f1\&. For example, you cannot connect than that of the \fBmongos\f1\f1\&. For example, you cannot connect
a MongoDB 5.0 version \fBmongos\f1\f1 to a 7.0 a MongoDB 5.0 version \fBmongos\f1\f1 to a 8.0
sharded cluster with \fBfCV\f1 set to 7.0\&. You sharded cluster with \fBFCV\f1 set to 8.0\&. You
can, however, connect a MongoDB 5.0 version can, however, connect a MongoDB 5.0 version
\fBmongos\f1\f1 to a 7.0 sharded cluster with \fBfCV\f1 set to 5.0\&. \fBmongos\f1\f1 to a 8.0 sharded cluster with \fBFCV\f1 set to 5.0\&.
.IP \(bu 2 .IP \(bu 2
\fBmongod\f1\f1 includes a \fBFull Time Diagnostic Data Capture\f1 mechanism to assist MongoDB engineers with troubleshooting \fBmongod\f1\f1 includes a \fBFull Time Diagnostic Data Capture\f1 mechanism to assist MongoDB engineers with troubleshooting
deployments. If this thread fails, it terminates the originating process. deployments. If this thread fails, it terminates the originating process.
@ -32,7 +32,7 @@ directory. For \fBmongod\f1 the directory is within
.RE .RE
.SH OPTIONS .SH OPTIONS
.PP .PP
\fBConfiguration File Settings and Command\-Line Options Mapping\f1 \fBSelf\-Managed Configuration File Settings and Command\-Line Options Mapping\f1
.RS .RS
.IP \(bu 2 .IP \(bu 2
MongoDB deprecates the SSL options and instead adds new MongoDB deprecates the SSL options and instead adds new
@ -66,7 +66,7 @@ Returns the \fBmongos\f1 release number.
Specifies a configuration file for runtime configuration options. The Specifies a configuration file for runtime configuration options. The
configuration file is the preferred method for runtime configuration of configuration file is the preferred method for runtime configuration of
\fBmongos\f1\&. The options are equivalent to the command\-line \fBmongos\f1\&. The options are equivalent to the command\-line
configuration options. See \fBConfiguration File Options\f1 for configuration options. See \fBSelf\-Managed Configuration File Options\f1 for
more information. more information.
.PP .PP
Ensure the configuration file uses ASCII encoding. The \fBmongos\f1 Ensure the configuration file uses ASCII encoding. The \fBmongos\f1
@ -124,7 +124,7 @@ list, for example: \fBrest, exec\f1\&. If the configuration file contains
expansion directives not specified to \fB\-\-configExpand\f1\f1, the \fBmongos\f1 expansion directives not specified to \fB\-\-configExpand\f1\f1, the \fBmongos\f1
returns an error and terminates. returns an error and terminates.
.PP .PP
See \fBExternally Sourced Configuration File Values\f1 for configuration files See \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1 for configuration files
for more information on expansion directives. for more information on expansion directives.
.RE .RE
.PP .PP
@ -204,12 +204,12 @@ configured with an IP address fail startup validation and do not start.
Before you bind your instance to a publicly\-accessible IP address, Before you bind your instance to a publicly\-accessible IP address,
you must secure your cluster from unauthorized access. For a complete you must secure your cluster from unauthorized access. For a complete
list of security recommendations, see list of security recommendations, see
\fBSecurity Checklist\f1\&. At minimum, consider \fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider
\fBenabling authentication\f1 and \fBhardening \fBenabling authentication\f1 and \fBhardening
network infrastructure\f1\&. network infrastructure\f1\&.
.PP .PP
For more information about IP Binding, refer to the For more information about IP Binding, refer to the
\fBIP Binding\f1 documentation. \fBIP Binding in Self\-Managed Deployments\f1 documentation.
.PP .PP
To bind to all IPv4 addresses, enter \fB0.0.0.0\f1\&. To bind to all IPv4 addresses, enter \fB0.0.0.0\f1\&.
.PP .PP
@ -241,12 +241,12 @@ addresses (i.e. \fB0.0.0.0\f1). If \fBmongos\f1 starts with
Before you bind your instance to a publicly\-accessible IP address, Before you bind your instance to a publicly\-accessible IP address,
you must secure your cluster from unauthorized access. For a complete you must secure your cluster from unauthorized access. For a complete
list of security recommendations, see list of security recommendations, see
\fBSecurity Checklist\f1\&. At minimum, consider \fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider
\fBenabling authentication\f1 and \fBhardening \fBenabling authentication\f1 and \fBhardening
network infrastructure\f1\&. network infrastructure\f1\&.
.PP .PP
For more information about IP Binding, refer to the For more information about IP Binding, refer to the
\fBIP Binding\f1 documentation. \fBIP Binding in Self\-Managed Deployments\f1 documentation.
.PP .PP
Alternatively, you can set the \fB\-\-bind_ip\f1 option to \fB::,0.0.0.0\f1 Alternatively, you can set the \fB\-\-bind_ip\f1 option to \fB::,0.0.0.0\f1
or to an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename or to an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename
@ -259,7 +259,7 @@ is, you can specify one or the other, but not both.
\fBmongos \-\-listenBacklog\f1 \fBmongos \-\-listenBacklog\f1
.RS .RS
.PP .PP
\fIDefault\f1: Target system specific maximum value \fIDefault\f1: Target system \fBSOMAXCONN\f1 constant
.PP .PP
The maximum number of connections that can exist in the listen The maximum number of connections that can exist in the listen
queue. queue.
@ -272,30 +272,21 @@ To prevent undefined behavior, specify a value for this
parameter between \fB1\f1 and the local system \fBSOMAXCONN\f1 parameter between \fB1\f1 and the local system \fBSOMAXCONN\f1
constant. constant.
.PP .PP
The default value for the \fBlistenBacklog\f1 parameter depends on the target The default value for the \fBlistenBacklog\f1 parameter depends on the
system. On Linux, \fB/proc/sys/net/core/somaxconn\f1 is used. On all other target system. On Linux, MongoDB uses \fB/proc/sys/net/core/somaxconn\f1\&.
target systems, the compile time constant \fBSOMAXCONN\f1 is used. On all other target systems, MongoDB uses the compile time constant
\fBSOMAXCONN\f1 is the maximum valid value that is documented for \fBSOMAXCONN\f1\&.
the \fIbacklog\f1 parameter to the \fIlisten\f1 system call.
.PP .PP
Some systems may interpret \fBSOMAXCONN\f1 symbolically, and others Some systems may interpret \fBSOMAXCONN\f1 symbolically, and others
numerically. The actual \fIlisten backlog\f1 applied in practice may numerically. The actual \fIlisten backlog\f1 applied in practice may
differ from any numeric interpretation of the \fBSOMAXCONN\f1 constant differ from any numeric interpretation of the \fBSOMAXCONN\f1 constant
or argument to \fB\-\-listenBacklog\f1, and may also be constrained by or argument to \fB\-\-listenBacklog\f1\&.
system settings like \fB/proc/sys/net/core/somaxconn\f1 on Linux.
.PP .PP
Passing a value for the \fBlistenBacklog\f1 parameter that exceeds the Passing a value for the \fBlistenBacklog\f1 parameter that exceeds the
\fBSOMAXCONN\f1 constant for the local system is, by the letter of the \fBSOMAXCONN\f1 constant for the local system is, by the letter of the
standards, undefined behavior. Higher values may be silently integer standards, undefined behavior. Higher values may be silently integer
truncated, may be ignored, may cause unexpected resource truncated, may be ignored, may cause unexpected resource
consumption, or have other adverse consequences. consumption, or have other adverse consequences.
.PP
On systems with workloads that exhibit connection spikes, for which
it is empirically known that the local system can honor higher
values for the \fIbacklog\f1 parameter than the \fBSOMAXCONN\f1 constant,
setting the \fBlistenBacklog\f1 parameter to a higher value may reduce
operation latency as observed by the client by reducing the number
of connections which are forced into a backoff state.
.RE .RE
.PP .PP
\fBmongos \-\-maxConns\f1 \fBmongos \-\-maxConns\f1
@ -316,7 +307,7 @@ In this case, set \fBmaxIncomingConnections\f1\f1 to a value slightly
higher than the maximum number of connections that the client creates, or the higher than the maximum number of connections that the client creates, or the
maximum size of the connection pool. maximum size of the connection pool.
.PP .PP
This setting prevents the \fBmongos\f1\f1 from causing connection spikes on This setting prevents the \fBmongos\f1 from causing connection spikes on
the individual \fBshards\f1\&. Spikes like these may disrupt the the individual \fBshards\f1\&. Spikes like these may disrupt the
operation and memory allocation of the \fBsharded cluster\f1\&. operation and memory allocation of the \fBsharded cluster\f1\&.
.RE .RE
@ -493,7 +484,7 @@ Installation Guide for your operating system.
Specifies the path to a key file that stores the shared secret Specifies the path to a key file that stores the shared secret
that MongoDB instances use to authenticate to each other in a that MongoDB instances use to authenticate to each other in a
\fBsharded cluster\f1 or \fBreplica set\f1\&. \fB\-\-keyFile\f1\f1 implies \fBsharded cluster\f1 or \fBreplica set\f1\&. \fB\-\-keyFile\f1\f1 implies
\fBclient authorization\f1\&. See \fBInternal/Membership Authentication\f1 for more \fBclient authorization\f1\&. See \fBSelf\-Managed Internal/Membership Authentication\f1 for more
information. information.
.PP .PP
\fBKeyfiles for internal membership authentication\f1 use YAML format to allow for multiple keys in a \fBKeyfiles for internal membership authentication\f1 use YAML format to allow for multiple keys in a
@ -513,7 +504,7 @@ keyfiles that use the text file format.
.RS .RS
.PP .PP
Specifies one of the MongoDB parameters described in Specifies one of the MongoDB parameters described in
\fBMongoDB Server Parameters\f1\&. You can specify multiple \fBsetParameter\f1 \fBMongoDB Server Parameters for a Self\-Managed Deployment\f1\&. You can specify multiple \fBsetParameter\f1
fields. fields.
.RE .RE
.PP .PP
@ -545,7 +536,8 @@ always listens on the UNIX socket unless one of the following is true:
\fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address \fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address
.RE .RE
.PP .PP
\fBmongos\f1 installed from official \fB\&.deb\f1 and \fB\&.rpm\f1 packages \fBmongos\f1 installed from official \fBInstall MongoDB Community Edition on Debian\f1
and \fBInstall MongoDB Community Edition on Red Hat or CentOS\f1 packages
have the \fBbind_ip\f1 configuration set to \fB127.0.0.1\f1 by have the \fBbind_ip\f1 configuration set to \fB127.0.0.1\f1 by
default. default.
.RE .RE
@ -716,7 +708,7 @@ and use the \fBtimeZoneInfo\f1\f1 parameter.
.PP .PP
Outputs the \fBmongos\f1 instance\(aqs configuration options, formatted Outputs the \fBmongos\f1 instance\(aqs configuration options, formatted
in YAML, to \fBstdout\f1 and exits the \fBmongos\f1 instance. For in YAML, to \fBstdout\f1 and exits the \fBmongos\f1 instance. For
configuration options that uses \fBExternally Sourced Configuration File Values\f1, configuration options that uses \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1,
\fB\-\-outputConfig\f1\f1 returns the resolved value for those options. \fB\-\-outputConfig\f1\f1 returns the resolved value for those options.
.PP .PP
This may include any configured passwords or secrets previously This may include any configured passwords or secrets previously
@ -727,7 +719,7 @@ For usage examples, see:
.IP \(bu 2 .IP \(bu 2
\fBOutput the Configuration File with Resolved Expansion Directive Values\f1 \fBOutput the Configuration File with Resolved Expansion Directive Values\f1
.IP \(bu 2 .IP \(bu 2
\fBConvert Command\-Line Options to YAML\f1 \fBConvert Self\-Managed Command\-Line Options to YAML\f1
.RE .RE
.RE .RE
.SS SHARDED CLUSTER OPTIONS .SS SHARDED CLUSTER OPTIONS
@ -841,11 +833,11 @@ The server uses and accepts only TLS encrypted connections.
.RE .RE
.PP .PP
If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not
specified and you are not using x.509 authentication, you must set the specified and you are not using X.509 authentication, you must set the
\fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use
the system\-wide CA certificate store when connecting to a TLS\-enabled server. the system\-wide CA certificate store when connecting to a TLS\-enabled server.
.PP .PP
If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1
must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&.
.PP .PP
For more information about TLS and MongoDB, see For more information about TLS and MongoDB, see
@ -906,7 +898,7 @@ For more information about TLS and MongoDB, see
\fIDefault\f1: keyFile \fIDefault\f1: keyFile
.PP .PP
The authentication mode used for cluster authentication. If you use The authentication mode used for cluster authentication. If you use
\fBinternal x.509 authentication\f1, \fBinternal X.509 authentication\f1,
specify so here. This option can have one of the following values: specify so here. This option can have one of the following values:
.RS .RS
.IP \(bu 2 .IP \(bu 2
@ -930,7 +922,7 @@ Accept only keyfiles.
\fBsendKeyFile\f1 \fBsendKeyFile\f1
.IP \(bu 4 .IP \(bu 4
For rolling upgrade purposes. Send a keyfile for For rolling upgrade purposes. Send a keyfile for
authentication but can accept both keyfiles and x.509 authentication but can accept both keyfiles and X.509
certificates. certificates.
.RE .RE
.IP \(bu 2 .IP \(bu 2
@ -938,8 +930,8 @@ certificates.
.IP \(bu 4 .IP \(bu 4
\fBsendX509\f1 \fBsendX509\f1
.IP \(bu 4 .IP \(bu 4
For rolling upgrade purposes. Send the x.509 certificate for For rolling upgrade purposes. Send the X.509 certificate for
authentication but can accept both keyfiles and x.509 authentication but can accept both keyfiles and X.509
certificates. certificates.
.RE .RE
.IP \(bu 2 .IP \(bu 2
@ -947,17 +939,17 @@ certificates.
.IP \(bu 4 .IP \(bu 4
\fBx509\f1 \fBx509\f1
.IP \(bu 4 .IP \(bu 4
Recommended. Send the x.509 certificate for authentication and Recommended. Send the X.509 certificate for authentication and
accept only x.509 certificates. accept only X.509 certificates.
.RE .RE
.RE .RE
.PP .PP
If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not
specified and you are not using x.509 authentication, you must set the specified and you are not using X.509 authentication, you must set the
\fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use
the system\-wide CA certificate store when connecting to a TLS\-enabled server. the system\-wide CA certificate store when connecting to a TLS\-enabled server.
.PP .PP
If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1
must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&.
.PP .PP
For more information about TLS and MongoDB, see For more information about TLS and MongoDB, see
@ -972,7 +964,7 @@ On macOS or Windows, you can use a certificate
from the operating system\(aqs secure store instead of a PEM from the operating system\(aqs secure store instead of a PEM
file. See \fB\-\-tlsClusterCertificateSelector\f1\f1\&. file. See \fB\-\-tlsClusterCertificateSelector\f1\f1\&.
.PP .PP
Specifies the \&.pem file that contains the x.509 certificate\-key Specifies the \&.pem file that contains the X.509 certificate\-key
file for \fBmembership authentication\f1 file for \fBmembership authentication\f1
for the cluster or replica set. for the cluster or replica set.
.PP .PP
@ -982,14 +974,12 @@ authentication or the alternative
\fB\&.pem\f1 file specified in the \fB\-\-tlsCertificateKeyFile\f1\f1 option or \fB\&.pem\f1 file specified in the \fB\-\-tlsCertificateKeyFile\f1\f1 option or
the certificate returned by the \fB\-\-tlsCertificateSelector\f1\f1\&. the certificate returned by the \fB\-\-tlsCertificateSelector\f1\f1\&.
.PP .PP
If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1
must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&.
.PP .PP
\fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on
connection if the presented x.509 certificate expires within \fB30\f1 connection if the presented X.509 certificate expires within \fB30\f1
days of the \fBmongod/mongos\f1 host system time. See days of the \fBmongod/mongos\f1 host system time.
\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more
information.
.PP .PP
For more information about TLS and MongoDB, see For more information about TLS and MongoDB, see
\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and \fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
@ -999,17 +989,17 @@ For more information about TLS and MongoDB, see
\fBmongos \-\-tlsClusterPassword\f1 \fBmongos \-\-tlsClusterPassword\f1
.RS .RS
.PP .PP
Specifies the password to decrypt the x.509 certificate\-key file Specifies the password to decrypt the X.509 certificate\-key file
specified with \fB\-\-tlsClusterFile\f1\&. Use the \fB\-\-tlsClusterPassword\f1\f1 option only specified with \fB\-\-tlsClusterFile\f1\&. Use the \fB\-\-tlsClusterPassword\f1\f1 option only
if the certificate\-key file is encrypted. In all cases, the \fBmongos\f1 if the certificate\-key file is encrypted. In all cases, the \fBmongos\f1
redacts the password from all logging and reporting output. redacts the password from all logging and reporting output.
.RS .RS
.IP \(bu 2 .IP \(bu 2
On Linux/BSD, if the private key in the x.509 file is encrypted and On Linux/BSD, if the private key in the X.509 file is encrypted and
you do not specify the \fB\-\-tlsClusterPassword\f1\f1 option, MongoDB prompts for a you do not specify the \fB\-\-tlsClusterPassword\f1\f1 option, MongoDB prompts for a
passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&. passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&.
.IP \(bu 2 .IP \(bu 2
On macOS or Windows, if the private key in the x.509 file is On macOS or Windows, if the private key in the X.509 file is
encrypted, you must explicitly specify the \fB\-\-tlsClusterPassword\f1\f1 option. encrypted, you must explicitly specify the \fB\-\-tlsClusterPassword\f1\f1 option.
Alternatively, you can either use a certificate from the secure Alternatively, you can either use a certificate from the secure
system store (see \fB\-\-tlsClusterCertificateSelector\f1\f1) instead of a cluster PEM file or system store (see \fB\-\-tlsClusterCertificateSelector\f1\f1) instead of a cluster PEM file or
@ -1173,10 +1163,8 @@ The \fBthumbprint\f1 is sometimes referred to as a
.RE .RE
.PP .PP
\fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on
connection if the presented x.509 certificate expires within \fB30\f1 connection if the presented X.509 certificate expires within \fB30\f1
days of the \fBmongod/mongos\f1 host system time. See days of the \fBmongod/mongos\f1 host system time.
\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more
information.
.RE .RE
.PP .PP
\fBmongos \-\-tlsCRLFile\f1 \fBmongos \-\-tlsCRLFile\f1
@ -1242,7 +1230,7 @@ connect.
.PP .PP
If you specify If you specify
\fB\-\-tlsAllowInvalidCertificates\f1 or \fBtls.allowInvalidCertificates: \fB\-\-tlsAllowInvalidCertificates\f1 or \fBtls.allowInvalidCertificates:
true\f1 when using x.509 authentication, an invalid certificate is true\f1 when using X.509 authentication, an invalid certificate is
only sufficient to establish a TLS connection but is only sufficient to establish a TLS connection but is
\fIinsufficient\f1 for authentication. \fIinsufficient\f1 for authentication.
.PP .PP
@ -1504,8 +1492,9 @@ The \fB<field>\f1 can be \fBany field in the audit message\f1, including fields
To specify an audit filter, enclose the filter document in single To specify an audit filter, enclose the filter document in single
quotes to pass the document as a string. quotes to pass the document as a string.
.PP .PP
To specify the audit filter in a \fBconfiguration file\f1, you must use the YAML format of To specify the audit filter in a
the configuration file. \fBconfiguration file\f1, you must use the YAML format
of the configuration file.
.PP .PP
Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server) Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)
and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&.
@ -1586,6 +1575,13 @@ only and not the profiler since profiling is not available on
.RE .RE
.SS LDAP AUTHENTICATION AND AUTHORIZATION OPTIONS .SS LDAP AUTHENTICATION AND AUTHORIZATION OPTIONS
.PP .PP
Starting in MongoDB 8.0, LDAP authentication and authorization is
deprecated. LDAP is available and will continue to operate without
changes throughout the lifetime of MongoDB 8. LDAP will be removed in a
future major release.
.PP
For details, see \fBLDAP Deprecation\f1\&.
.PP
\fBmongos \-\-ldapServers\f1 \fBmongos \-\-ldapServers\f1
.RS .RS
.PP .PP
@ -1745,7 +1741,7 @@ libraries by default. Defer to the documentation associated with each
SASL mechanism for guidance on installation and configuration. SASL mechanism for guidance on installation and configuration.
.PP .PP
If using the \fBGSSAPI\f1 SASL mechanism for use with If using the \fBGSSAPI\f1 SASL mechanism for use with
\fBKerberos Authentication\f1, verify the following for the \fBKerberos Authentication on Self\-Managed Deployments\f1, verify the following for the
\fBmongos\f1 host machine: \fBmongos\f1 host machine:
.PP .PP
\fBLinux\f1\f1 \fBLinux\f1\f1