A newer version of this documentation is available.

View Latest



      To access Couchbase Server, users must be authenticated. Authentication is a process for identifying who is attempting to access a system. Subsequent to successful authentication, authorization can be performed, whereby the user’s appropriate access-level is determined.

      Authentication can be performed by means of a username and password, assigned to each administrator or application. Authentication can also be performed by means of X.509 Certificates: these support Transport Layer Security, by establishing the identity of a client or server through digital signatures. They also provide keys to support on-the-wire encryption, according to the conventions of Public Key Infrastructure (PKI).

      Couchbase Server assigns each user to one of two authentication domains: the local domain consisting of users whose credentials are maintained by Couchbase Server itself; the external domain consisting of users whose credentials are maintained remotely — for example, on an LDAP server.

      For detailed information on these topics, see:

      • Understanding Authentication, which provides an overview of all the key aspects of Couchbase authentication.

      • Usernames and Passwords, which lists the conventions whereby usernames and passwords can be designed and passed by administrators and applications.

      • Authentication Domains, which contains full explanations of the local and external authentication domains supported by Couchbase Server.

      • Certificates, which provides a detailed overview of how certificates are supported by Couchbase Server, for the authentication of clusters, nodes, and client applications.