DOCSP-18011: Refactor Enterprise Auth structure

Author: npentrel

config/redirects

@@ -1879,6 +1879,14 @@ raw: /manual/core/wildcard -> ${base}/manual/core/index-wildcard/
 
 [v5.0-*]: /${version}/reference/read-concern-majority/#disable-read-concern-majority -> ${base}/${version}/reference/read-concern-majority/#primary-secondary-arbiter-replica-sets
 
+
+#
+# Redirects for 5.1 and greater (if pages are removed in 5.0 that used to exist in earlier versions)
+#
+
+[v5.0-*]: /${version}/core/core/authentication-mechanisms -> ${base}/${version}/core/authentication
+
+
 #
 # Upgrade / Downgrade redirects
 #

source/core/authentication-mechanisms-enterprise.txt

@@ -34,22 +34,90 @@ To get started using access control, follow these tutorials:
 - :ref:`authentication-auth-as-user`
 
 .. _available-authentication-mechanisms:
+.. _security-authentication-mechanisms:
 
 Authentication Mechanisms
 -------------------------
 
-MongoDB Community supports a number of :ref:`authentication mechanisms
-<security-authentication-mechanisms>` that clients can use to verify
-their identity:
+.. _authentication-mechanism-default:
 
-- :ref:`authentication-scram` (*Default*)
-- :ref:`x.509 Certificate Authentication <security-auth-x509>`.
+SCRAM Authentication
+~~~~~~~~~~~~~~~~~~~~
 
-In addition to the preceding mechanisms, MongoDB Atlas and MongoDB
-Enterprise support the following mechanisms:
+:doc:`Salted Challenge Response Authentication Mechanism (SCRAM)
+</core/security-scram>` is the default authentication mechanism for
+MongoDB.
 
-- :ref:`LDAP proxy authentication <security-auth-ldap>`, and
-- :ref:`Kerberos authentication <security-auth-kerberos>`.
+For more information on SCRAM and MongoDB, see:
+
+- :doc:`SCRAM Authentication </core/security-scram>`
+- :ref:`scram-client-authentication`
+
+.. _authentication-mechanism-x509:
+
+x.509 Certificate Authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+MongoDB supports :doc:`x.509 certificate authentication
+</core/security-x.509>` for client authentication and internal
+authentication of the members of replica sets and sharded clusters.
+x.509 certificate authentication requires a secure :doc:`TLS/SSL
+connection </tutorial/configure-ssl>`.
+
+To use MongoDB with x.509, you must use valid certificates generated and
+signed by a certificate authority. The client x.509 certificates
+must meet the :ref:`client certificate requirements
+<client-x509-certificates-requirements>`.
+
+For more information on x.509 and MongoDB, see:
+
+- :doc:`x.509 Certificate Authentication </core/security-x.509>`
+- :ref:`x509-client-authentication`
+
+.. _security-auth-kerberos:
+
+Kerberos Authentication
+~~~~~~~~~~~~~~~~~~~~~~~
+
+`MongoDB Enterprise
+<http://www.mongodb.com/products/mongodb-enterprise-advanced?tck=docs_server>`_
+and `MongoDB Atlas
+<https://www.mongodb.com/cloud/atlas?tck=docs_server>`__ support
+:doc:`Kerberos Authentication </core/kerberos>`. Kerberos is an industry
+standard authentication protocol for large client/server systems that
+provides authentication using short-lived tokens that are called
+tickets.
+
+To use MongoDB with Kerberos, you must have a properly configured
+Kerberos deployment, configured :ref:`Kerberos service principals
+<kerberos-service-principal>` for MongoDB, and a :ref:`Kerberos user
+principal <kerberos-user-principal>` added to MongoDB.
+
+For more information on Kerberos and MongoDB, see:
+
+- :doc:`Kerberos Authentication </core/kerberos>`
+- :doc:`/tutorial/control-access-to-mongodb-with-kerberos-authentication`
+- :doc:`/tutorial/control-access-to-mongodb-windows-with-kerberos-authentication`
+
+.. _security-auth-ldap:
+
+LDAP Proxy Authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`MongoDB Enterprise
+<http://www.mongodb.com/products/mongodb-enterprise-advanced?tck=docs_server>`_
+and `MongoDB Atlas
+<https://www.mongodb.com/cloud/atlas?tck=docs_server>`__ support
+:doc:`LDAP Proxy Authentication </core/security-ldap>` proxy
+authentication through a Lightweight Directory Access Protocol (LDAP)
+service.
+
+For more information on Kerberos and MongoDB, see:
+
+- :doc:`LDAP Proxy Authentication </core/security-ldap>`
+- :doc:`/tutorial/configure-ldap-sasl-activedirectory`
+- :doc:`/tutorial/configure-ldap-sasl-openldap`
+- :doc:`/tutorial/authenticate-nativeldap-activedirectory`
 
 These mechanisms allow MongoDB to integrate into your
 existing authentication system.
@@ -68,8 +136,10 @@ for more information.
    :titlesonly:
    :hidden:
 
-   /core/security-users
-   /core/authentication-mechanisms
-   /core/authentication-mechanisms-enterprise
+   /core/security-scram
+   /core/security-x.509
+   /core/kerberos
+   /core/security-ldap
    /core/security-internal-authentication
    /core/localhost-exception
+   /core/security-users

source/core/authentication-mechanisms.txt

@@ -103,6 +103,16 @@ If these built-in-roles cannot provide the desired set of privileges,
 MongoDB provides methods to create and modify :doc:`user-defined roles
 </core/security-user-defined-roles>`.
 
+LDAP Authorization
+------------------
+
+MongoDB Enterprise supports querying an LDAP server for the LDAP groups the
+authenticated user is a member of. MongoDB maps the Distinguished Names (DN)
+of each returned group to :ref:`roles <roles>` on the ``admin`` database.
+MongoDB authorizes the user based on the mapped roles and their associated
+privileges. See :ref:`LDAP Authorization <security-ldap-external>` for more
+information.
+
 .. toctree::
    :titlesonly:
    :hidden:
@@ -112,3 +122,4 @@ MongoDB provides methods to create and modify :doc:`user-defined roles
    /tutorial/manage-users-and-roles
    /tutorial/change-own-password-and-custom-data
    /core/collection-level-access-control
+   /core/security-ldap-external