Enabling LDAP on Druid

To enable authentication and authorization for Druid, incorporate the provided configurations into the Custom druid-Common settings.

Here are the Kerberos configurations specific to Druid.

druid.auth.authenticator.ldap.authorizerName=ldapauth druid.auth.authenticator.ldap.credentialsValidator.baseDn=<base-dn> druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<bindPassword> druid.auth.authenticator.ldap.credentialsValidator.bindUser=<bindUser> druid.auth.authenticator.ldap.credentialsValidator.type=ldap druid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:<port> druid.auth.authenticator.ldap.credentialsValidator.userAttribute=<userAttribute> druid.auth.authenticator.ldap.credentialsValidator.userSearch=<userSearch> druid.auth.authenticator.ldap.enableCacheNotifications=true druid.auth.authenticator.ldap.type=basic druid.auth.authenticatorChain=["ldap"] druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=<ldapGroup-Attribute> druid.auth.authorizer.ldapauth.initialAdminRole=admin druid.auth.authorizer.ldapauth.initialAdminUser=admin druid.auth.authorizer.ldapauth.roleProvider.type=ldap druid.auth.authorizer.ldapauth.type=basic druid.auth.authorizers=["ldapauth"] druid.escalator.type=basic druid.escalator.authorizerName=ldapauth druid.escalator.internalClientUsername=<internal-Client-Username> druid.escalator.internalClientPassword=<internal-Client-Password>

Presented below is an illustrative example.

druid.auth.authenticator.ldap.authorizerName=ldapauth druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=hadoop,dc=apache,dc=org druid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin-password druid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=people,dc=hadoop,dc=apache,dc=org druid.auth.authenticator.ldap.credentialsValidator.type=ldap druid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:33389 druid.auth.authenticator.ldap.credentialsValidator.userAttribute=uid druid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(cn=%s)(objectClass=inetOrgPerson)) druid.auth.authenticator.ldap.enableCacheNotifications=true druid.auth.authenticator.ldap.type=basic druid.auth.authenticatorChain=["ldap"] druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=member druid.auth.authorizer.ldapauth.initialAdminRole=admin druid.auth.authorizer.ldapauth.initialAdminUser=admin druid.auth.authorizer.ldapauth.roleProvider.type=ldap druid.auth.authorizer.ldapauth.type=basic druid.auth.authorizers=["ldapauth"] druid.escalator.type=basic druid.escalator.authorizerName=ldapauth druid.escalator.internalClientUsername=internal@example.com druid.escalator.internalClientPassword=internaluserpassword


  Last updated