Enabling LDAP on Druid

To enable authentication and authorization for Druid, incorporate the provided configurations into the Custom druid-Common settings.

Here are the Kerberos configurations specific to Druid.

Config
    
​x
 
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=<base-dn>druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<bindPassword>druid.auth.authenticator.ldap.credentialsValidator.bindUser=<bindUser>druid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:<port>druid.auth.authenticator.ldap.credentialsValidator.userAttribute=<userAttribute>druid.auth.authenticator.ldap.credentialsValidator.userSearch=<userSearch>druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]​druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=<ldapGroup-Attribute>druid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=<internal-Client-Username>druid.escalator.internalClientPassword=<internal-Client-Password>
Copy

Presented below is an illustrative example.

Config
    
 
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin-passworddruid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=people,dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:33389druid.auth.authenticator.ldap.credentialsValidator.userAttribute=uiddruid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(cn=%s)(objectClass=inetOrgPerson))druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]​druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=memberdruid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=internal@example.comdruid.escalator.internalClientPassword=internaluserpassword
Copy

Last updated on Feb 29, 2024

Was this page helpful?