Enabling LDAP on Druid
To enable authentication and authorization for Druid, incorporate the provided configurations into the Custom druid-Common settings.
Here are the Kerberos configurations specific to Druid.
x
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=<base-dn>druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<bindPassword>druid.auth.authenticator.ldap.credentialsValidator.bindUser=<bindUser>druid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:<port>druid.auth.authenticator.ldap.credentialsValidator.userAttribute=<userAttribute>druid.auth.authenticator.ldap.credentialsValidator.userSearch=<userSearch>druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=<ldapGroup-Attribute>druid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=<internal-Client-Username>druid.escalator.internalClientPassword=<internal-Client-Password>Presented below is an illustrative example.
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin-passworddruid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=people,dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:33389druid.auth.authenticator.ldap.credentialsValidator.userAttribute=uiddruid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(cn=%s)(objectClass=inetOrgPerson))druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=memberdruid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=internal@example.comdruid.escalator.internalClientPassword=internaluserpasswordWas this page helpful?