Available when using an authoring Data Collector version 4.1.0 or later.

To create a MongoDB connection, one of the MongoDB stage libraries, streamsets-datacollector-mongodb_<version>-lib, must be installed on the selected authoring Data Collector.

Tip: To view the complete list of supported stage libraries, expand the list of libraries next to the Test Connection button when you create or edit a connection.

For a description of the MongoDB connection properties, see MongoDB Connection Properties.

After you create a MongoDB connection, you can use the connection in the following stages:
Engine Stages
Data Collector 4.1.0 or later
  • MongoDB origin
  • MongoDB Oplog origin
  • MongoDB Lookup processor
  • MongoDB destination


Based on the authentication used by the MongoDB server, configure the stage to use no authentication, username/password authentication, or LDAP authentication. When using username/password authentication, you can also use delegated authentication. When using LDAP authentication, you can use server-driven authentication or plain authentication.

By default, the connection uses no authentication.

To use username/password or LDAP authentication, enter the required credentials in one of the following ways:
Connection string
Enter credentials in the connection string on the MongoDB tab.
To enter credentials for username/password authentication, enter the username and password before the host name. Use the following format:
To enter credentials for LDAP authentication, enter the username and password before the host name, and set the authMechanism option to PLAIN. Use the following format:
Credentials tab
Select either the Username/Password or LDAP authentication type on the Credentials tab. When using LDAP authentication, you also choose between server-driven or plain authentication.
Then, you specify the username and password for the authentication type.

Enabling SSL/TLS

You can enable MongoDB connections to use SSL/TLS to connect to MongoDB.
  1. On the Advanced tab for the stage, select the SSL Enabled property.
  2. If the MongoDB certificate is signed by a private CA or not trusted by the default Java truststore, create a custom truststore file or modify a copy of the default Java truststore file to add the CA to the file. Then configure Data Collector to use the modified truststore file.

    By default, Data Collector uses the Java truststore file located in $JAVA_HOME/jre/lib/security/cacerts. If your certificate is signed by a CA that is included in the default Java truststore file, you do not need to create a truststore file and can skip this step.

    In these steps, we show how to modify the default truststore file to add an additional CA to the list of trusted CAs. If you prefer to create a custom truststore file, see the keytool documentation.
    Note: If Data Collector is already configured to use a custom truststore file to enable HTTPS or for secure connections to an LDAP server, then simply add this additional CA to the same modified truststore file.
    1. Use the following command to set the JAVA_HOME environment variable:
      export JAVA_HOME=<Java home directory>
    2. Use the following command to set the SDC_CONF environment variable:
      export SDC_CONF=<Data Collector configuration directory>
      For example, for an RPM installation use:
      export SDC_CONF=/etc/sdc
    3. Use the following command to copy the default Java truststore file to the Data Collector configuration directory:
      cp "${JAVA_HOME}/jre/lib/security/cacerts" "${SDC_CONF}/truststore.jks"
    4. Use the following keytool command to import the CA certificate into the truststore file:
      keytool -import -file <certificate> -trustcacerts -noprompt -alias <alias> -storepass <password> -keystore "${SDC_CONF}/truststore.jks"
    5. Define the following options in the SDC_JAVA_OPTS environment variable:
      • - Path to the truststore file on the Data Collector machine.
      • - Truststore password.

      Modify environment variables using the method required by your installation type.

      For example, define the options as follows:
      export SDC_JAVA_OPTS="${SDC_JAVA_OPTS} -Xmx1024m -Xms1024m -server -XX:-OmitStackTraceInFastThrow"

      Or to avoid saving the password in the export command, save the password in a text file and then define the truststore password option as follows:$(cat passwordfile.txt)

      Then ensure that the password file is readable only by the user executing the export command.

    6. Restart Data Collector to enable the changes.

MongoDB Connection Properties

When creating a MongoDB connection, configure the following property on the MongoDB tab:
MongoDB Property Description
Connection string for the MongoDB instance. Use the following format:
When connecting to a cluster, enter additional node information to ensure a connection.
If the MongoDB server uses username/password or LDAP authentication, you can include the credentials in the connection string, as described in Credentials.
Configure the following authentication properties on the Authentication tab:
Authentication Property Description
Authentication Type Authentication used by the MongoDB server: Username/Password or LDAP.
Authentication Mechanism LDAP authentication method: server-driven or plain authentication.
Username MongoDB or LDAP user name.
Password MongoDB or LDAP password.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Authentication Source An optional alternate database name to perform delegated authentication.

Available for the Username/Password option.

On the Advanced tab, optionally configure the following properties:
Advanced Property Description
SSL Enabled Enables SSL/TLS.

If the MongoDB certificate is signed by a private CA or not trusted by the default Java truststore, you also must define the truststore file and password in the SDC_JAVA_OPTS environment variable, as described in Enabling SSL/TLS.

SSL Invalid Host Name Allowed Specifies whether invalid host names are allowed in SSL/TLS certificates.