Changed in version 4.0: Remove support for the deprecated MONGODB-CR authentication mechanism.Available for both and.Specifies the list of authentication mechanisms the server accepts. Setthis to one or more of the following values.
If you specify multiplevalues, use a comma-separated list and no spaces. For descriptionsof the authentication mechanisms, see. ValueDescriptionstandardSalted Challenge Response Authentication Mechanism using the SHA-1hash function.standardSalted Challenge Response Authentication Mechanism using the SHA-256hash function.Requires featureCompatibilityVersion set to 4.0. New in version 3.6.Default: 7776000 seconds (90 days)Specifies the number of seconds for which anis valid before rotating to the next one. This parameter is intendedprimarily to facilitate authentication testing.You can only set duringstart-up, and cannot change this setting with thedatabase command. LdapUserCacheInvalidationIntervalFor use with MongoDB servers using.The interval (in seconds) MongoDB waitsbetween external user cache flushes. After MongoDB flushes the externaluser cache, the next operation an LDAP-authorized user, MongoDBreacquires authorization data from the LDAP server.Increasing the value specified increases the amount of timeMongoDB and the LDAP server can be out of sync, but reduces the load onthe LDAP server.
Client application debugging and performance monitoring is easier when you can clearly match server events with particular client requests. With this in mind, recent MongoDB drivers and client applications (including the mongo shell) have the ability to send identifying information at the time of connection to the server. After the connection.
Conversely, decreasing the value specifieddecreases the time MongoDB and the LDAP server can be out of sync whileincreasing the load on the LDAP server.Defaults to 30 seconds. Changed in version 4.0: With the use of native TLS/SSL libraries, the parameteris supported for Linux/BSD andno longer supported in Windows and macOS. See.Specify the cipher string for OpenSSL when using TLS/SSL encryption.For a list of cipher strings, seeYou can only set during start-up, andcannot change this setting using thedatabase command.For version 4.2 and greater, the use of TLS options is preferredover SSL options. The TLS options have the same functionality asthe SSL options. NoteAvailable only in MongoDB Enterprise (except MongoDB Enterprise for Windows).Available for both and.Specify the path to the Unix Domain Socket of the saslauthdinstance to use for proxy authentication. SaslHostNameAvailable for both and.overrides MongoDB’s default hostnamedetection for the purpose of configuring SASL and Kerberosauthentication.does not affect the hostname of theor instance for any purposebeyond the configuration of SASL and Kerberos.You can only set during start-up, andcannot change this setting using thedatabase command. New in version 3.0.0.Default: 10000Available for both and.Changes the number of hashing iterations used for all newSCRAM-SHA-1 passwords.
More iterations increase the amount oftime required for clients to authenticate to MongoDB, but makespasswords less susceptible to brute-force attempts. The defaultvalue is ideal for most common use cases and requirements.If you modify this value, it does not change the iteration count forexisting passwords.
The value mustbe 5000 or greater.For example, the following sets theto 12000. New in version 4.0.Default: 15000Available for both and.Changes the number of hashing iterations used for all newSCRAM-SHA-256 passwords. More iterations increase the amount oftime required for clients to authenticate to MongoDB, but makespasswords less susceptible to brute-force attempts. The defaultvalue is ideal for most common use cases and requirements.If you modify this value, it does not change iteration count forexisting passwords. The valuemust be 5000 or greater.For example, the following sets theto 20000. New in version 4.2.Available for both and.A TLS certificate is set for a oreither by theoption or by theoption whenis not set.
If the TLScertificate is set, by default, the instance sends the certificate wheninitiating intra-cluster communications with otheror instances inthe deployment. Set tlsWithholdClientCertificate to 1 or true todirect the instance to withhold sending its TLS certificate during thesecommunications. Use this option with(to allow inbound connections without certificates) on all members of thedeployment. TlsWithholdClientCertificate is mutually exclusive with. New in version 4.2.Available for both and.An alternative Distinguished Name (DN) that the instance can alsouse to identify members of the deployment.For a MongoDB deployment that uses x.509 certificates for, deployment members identifyeach other using x.509 certificates (, if specified, and) during intra-clustercommunications.
For members of the same deployment, the DN fromtheir certificates must have the same Organization attributes( O’s), the Organizational Unit attributes ( OU’s), and theDomain Components ( DC’s).If is set for a member,the member can also use the override value when comparing the DNcomponents ( O’s, OU’s, and DC’s) of the presentedcertificates. That is the member checks the presented certificatesagainst its/.If the DN does not match, the member checks the presentedcertifcate against thevalue. Deprecated since version 4.2: Use instead.Available for both and.A TLS certificate is set for a oreither by theoption or by theoption whenis not set. If the TLScertificate is set, by default, the instance sends the certificate wheninitiating intra-cluster communications with otheror instances inthe deployment.
Set sslWithholdClientCertificate to 1 or true todirect the instance to withhold sending its TLS certificate during thesecommunications. Use this option with(to allow inbound connections without certificates) on all members of thedeployment.
SslWithholdClientCertificate is mutually exclusive with. UserCacheInvalidationIntervalSecsDefault: 30Available for only.On a instance, specifies the interval (in seconds)at which the instance checks to determine whetherthe in-memory cache of has stale data, and if so,clears the cache. If there are no changes to user objects,will not clear the cache.This parameter has a minimum value of 1 second and a maximumvalue of 86400 seconds (24 hours). Enterprise FeatureAvailable in MongoDB Enterprise only.The number of milliseconds to wait before informing clients that theirauthentication attempt has failed.
This parameter may be in the range0 to 5000, inclusive.Setting this parameter makes brute-force login attacks on a databasemore time-consuming. However, clients waiting for a response from theMongoDB server still consume server resources, and this may adverselyimpact benign login attempts if the server is denying access to manyother clients simultaneously.
AllowRolesFromX509CertificatesDefault: trueAvailable for both and.Available starting in MongoDB 4.0.11 (and 3.6.14 and 3.4.22)A boolean flag that allows or disallows the retrieval ofauthorization roles from client x.509 certificates.You can only set duringstartup in the config file or on the command line. Changed in version 4.2:.MongoDB removes the for(fCV) set to'4.2' or greater.In concert with the removal of the limit,failIndexTooLong only applies for MongoDB 2.6through MongoDB versions with (fCV) set to '4.0' or earlier.For MongoDB 2.6 through MongoDB versions withfeatureCompatibilityVersion (fCV) set to '4.0' or earlier,applies. If youattempt to insert or update a document whose index field exceedsthe, the operationwill fail and return an error to the client.To avoid this issue, consider using or indexing a computed value. If you have anexisting data set and want to disable this behavior so you canupgrade and then gradually resolve these indexing issues, you canuse to disable this behavior. New in version 3.4.Default: 500Limits the amount of memory that simultaneous indexbuilds on one collection may consume for the duration of thebuilds. The specified amount of memory is shared between allindexes built using a singlecommand or its shell helper.The memory consumed by an index build is separate from theWiredTiger cache memory (see).Index builds may be initiated either by a user commandsuch asor by an administrative process such as an.Both are subject to the limit set by.An populatesonly one collection at a time and has no risk of exceeding the memorylimit. However, it is possible for a user to start indexbuilds on multiple collections in multiple databases simultaneouslyand potentially consume an amount of memory greater than the limitset in.
Note. Starting in MongoDB 4.2, the is available in both the Community andMongoDB Enterprise editions. In earlier versions (3.2.16+, 3.4.7+, 3.6.0+, 4.0.0+), theis onlyavailable in MongoDB Enterprise edition.Determines how frequent the checks the status of the monitoredfilesystems:. The directory. The journal directory inside the directory ifis enabled.
The directory of file. The directory of fileValid values for watchdobgPeriodSeconds are:.1 (the default), to disable/pause, or. An integer greater than or equal to 60. Diagnostic ParametersTo facilitate analysis of the MongoDB server behavior by MongoDBengineers, MongoDB logs server statistics to diagnostic files atperiodic intervals.For, the diagnostic data files are stored in thediagnostic.data directory under the instance’s-dbpath or.For, the diagnostic data files, by default, arestored in a directory under the instance’s-logpath or directory. The diagnosticdata directory is computed by truncating the logpath’s fileextension(s) and concatenating diagnostic.data to the remainingname.For example, if has -logpath /var/log/mongos.log.201708015, then the diagnostic data directory is/var/log/mongos.diagnostic.data/ directory. To specify a differentdiagnostic data directory for, set theparameter.The following parameters support diagnostic data capture (FTDC).
For testing purposes onlyThis parameter is intended for testing purposes only and not forproduction use.The time in minutes that a remains activeafter its most recent use. Sessions that have not received a newread/write operation from the client or been refreshed withwithin this threshold are cleared from thecache. State associated with an expired session may be cleaned up by theserver at any time.This parameter applies only to the instance on which it is set. Toset this parameter on replica sets and sharded clusters, you mustspecify the same value on every member; otherwise, sessions willnot function properly.You can only set atstartup and cannot change this setting with thecommand.For example, to set thefor a test instance to 20 minutes.
New in version 3.6.Available for both and.Type: integerDefault: 31536000 (1 year)The maximum amount by which the current cluster time can be advanced;i.e., is the maximumdifference between the new value of the cluster time and the currentcluster time. Cluster time is a logical time used for ordering ofoperations.You cannot advance the cluster time to a new value if the newcluster time differs from the current cluster time by more than,You can only set atstartup and cannot change this setting with thecommand.For example, to set thefor a instance to 15 minutes.
New in version 4.2.Type: integerDefault: 10The target maximum lag when runningwith flow control. When flow control is enabled, the mechanismattempts to keep the lag underthe specified seconds. The parameter has no effect if flow controlis disabled.The specified value must be greater than 0.In general, the default settings should suffice; however, ifmodifying from the default value, decreasing, rather thanincreasing, the value may prove to be more useful.
New in version 3.2.Type: integerDefault: 16Available for only.Number of threads to use to apply replicated operations in parallel.Values can range from 1 to 256 inclusive. You can only setat startup and cannot change thissetting with the command. RollbackTimeLimitSecsType: 64-bit integerDefault: 86400 (1 day)Maximum age of data that can be rolled back. New in version 4.0.2.Type: booleanDefault: trueA flag that can reduce the downtime after the primary steps downfrom either the method or thecommand.
Specifically, if true, when aprimary steps down after (or thecommand without the force: true),it nominates an eligible secondary to call an election immediately.If false, after the step down, secondaries can wait up tobefore calling an election.An eligible secondary must be caught up with the stepped downprimary and have greater than 0. Ifmultiple secondary members meet this criteria, the stepped downprimary selects the eligible secondary with the highest. If the more than one eligiblesecondary members have the same, thestepped down primary selects the secondary with the lowest. The stepped down primary does not waitfor the effects of the handoff.The parameter has no impact if the primary steps down for reasonsother than (or thecommand without the force: true). ReplBatchLimitBytesDefault: 104857600 (100MB)Sets the maximum oplog application batch size in bytes.Values can range from 16777216 (16MB) to 104857600 (100MB) inclusive.The following example setsto 64 MB so that the rollback files are not created.
NoteStarting in version 4.2, MongoDB removes the parameterAsyncRequestsSenderUseBaton and always enables the performanceenhancement controlled by the parameter. ReplMonitorMaxFailedChecksAvailable in MongoDB 3.2 onlyType: integerDefault: 30The number of times the orinstance tries to reach the replica sets in the sharded cluster(e.g. Shard replica sets, config server replica set) to monitor thereplica set status and topology.When the number of consecutive unsuccessful attempts exceeds thisparameter value, the or instancedenotes the monitored replica set as unavailable. If the monitoredreplica set is the config server replica set:.
For MongoDB 3.2.0-3.2.9, the monitoring orinstance will become unusable and needs to berestarted. See the for more details. For MongoDB 3.2.10 and later 3.2-series, see also.timeOutMonitoringReplicaSetsAvailable in MongoDB 3.2.10 and later 3.2-series onlyType: integerDefault: falseThe flag that determines whether the orinstance should stop its attempt to reach themonitored replica set after unsuccessfully tryingnumber of times.If the monitored replica set is the config server replica set andis set to true, youmust restart or if theor instance cannot reach any ofthe config servers for the specified number of times. See thefor more details. ShardingTaskExecutorPoolHostTimeoutMSType: integerDefault: 300000 (i.e. 5 minutes)Available for only.Maximum time that goes without communication to ahost before drops all connections to the host.You can only set this parameter during start-up and cannot changethis setting using the database command.If set, should begreater than the sum ofand. Otherwise,adjusts the value ofto be greater than thesum.
New in version 3.6.Type: integerDefault: 2Available for only.Maximum number of simultaneous initiating connections (includingpending connections in setup/refresh state) each TaskExecutorconnection pool can have to a instance. You canset this parameter to control the rate at whichadds connections to a instance.If set, should beless than or equal to.If it is greater, ignores thevalue.You can only set this parameter during start-up and cannot changethis setting using the database command.
See alsoShardingTaskExecutorPoolMinSizeType: integerDefault: 1Available for only.Minimum number of outbound connections each TaskExecutor connectionpool can open to any given instance.ShardingTaskExecutorPoolMinSize connections are created thefirst time a connection to a new host is requested from the pool.While the pool is idle, the pool maintains this number ofconnections untilmilliseconds pass without any application using that pool.You can only set this parameter during start-up and cannot changethis setting using the database command. New in version 4.2.Type: stringDefault: “matchPrimaryNode”Available for only.The policy that determines the minimum size limit of theinstance’s connection pools to the shardedcluster’s replica set secondaries.Available values are: Matching PolicyDescription'matchPrimaryNode' (Default)For each replica set in the sharded cluster (i.e. Shardreplica set and config servers), the minimum size limit ofthe instance’s connection pool to eachsecondary of that replica set is equal to the size of itsconnection pool to the primary.In case of primary stepdown, matchPrimaryNode ensuresthat any secondary that becomes the primary can handle thecurrent level of primary reads and writes.' MatchBusiestNode'For each replica set in the sharded cluster (i.e. Shardreplica set and config servers), the minimum size limit ofthe instance’s connection pool to eachmember of that replica set is equal to the largest amongthe active connections counts to the primary and eachsecondary members.With 'matchBusiestNode', maintainsenough connections to each secondary to handle the currentlevel of primary and secondary reads and writes.
The numberof connections to maintain in the pool decreases as thenumber of active connections decreases.' Disabled'For each replica set in the sharded cluster (i.e. Shardreplica set and config servers), the minimum number ofconnections in the instance’sconnection pool to each secondary is equal to the.The following example sets theto'matchBusiestNode' during startup. New in version 3.6.Default: 900 (15 minutes)Available for only.Minimum delay before a migrated is deleted from the sourceshard.Before deleting the chunk during chunk migration, MongoDB waits foror for in-progress queries involvingthe chunk to complete on the shard primary, whichever is longer.However, because the shard primary has no knowledge of in-progress queriesrun on the shard secondaries, queries that use the chunk but are run onsecondaries may see documents disappear if these queries take longer thanthe time to complete the shard primary queries and the.
New in version 4.0.1: The parameter is also available starting in 3.4.17 and 3.6.7.Available for only.Type: Non-negative integerDefault: 20The amount of time in milliseconds to wait before the next batch ofdeletion during the cleanup stage of (or thecommand).In MongoDB 3.4, consider whether is set before modifying the. In MongoDB 3.4, theoccurs after each document deletioninstead of after the batch deletion.In MongoDB 3.6+, the occurs after each batch deletion.The following sets the to 200milliseconds. New in version 4.0.Available for only.Type: integerDefault: 5The maximum amount of time in milliseconds that should wait to acquire locksrequired by the operations in the transaction.If the transaction cannot acquire the locks after waiting, the transactionaborts.By default,wait 5 milliseconds. That is, if the transaction cannot acquirethe locks within 5 milliseconds, the transaction aborts. If anoperation provides a greater timeout in a lock request,overrides theoperation-specific timeout.You can set to:.
0 such that if the transaction cannot acquire the requiredlocks immediately, the transaction aborts. A number greater than 0 to wait the specified time to acquirethe required locks. This can help obviate transaction aborts onmomentary concurrent lock acquisitions, like fast-running metadataoperations.
However, this could possibly delay the abort ofdeadlocked transaction operations.1 to use the operation specific timeout.The following sets theto 20milliseconds.