Druid Ldap

Hello All,

Does the current version of Druid, 0.16.1, support LDAP in any case? If yes, then what is the procedure to enable it?

How do I map LDAP groups to Basic authentication?

Thanks,

Ashish

Hi Ashish,
The code is merged to master in 0.17.x. I suggest using 0.17 or the latest.

A sample config:

druid.auth.authenticatorChain=["ldap"]
druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true
druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=ldap://<AD host>:<AD port>
druid.auth.authenticator.ldap.credentialsValidator.bindUser=<AD admin user eg: Administrator@example.com>
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<AD admin password>
druid.auth.authenticator.ldap.credentialsValidator.baseDn=<base dn eg: dc=example,dc=com>
druid.auth.authenticator.ldap.credentialsValidator.userSearch=<this we get from the ldap search eg: (&(sAMAccountName=%s)(objectClass=user))>
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=sAMAccountName
druid.auth.authenticator.ldap.authorizerName=ldapauth
druid.escalator.type=basic
druid.escalator.internalClientUsername=<AD internal user eg: internal>
druid.escalator.internalClientPassword=<pwd>
druid.escalator.authorizerName=ldapauth
druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=<AD user which can act as initial admin user eg: internal>
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap

Thank you for the response.

How can I get the 0.17 version when it's still not out for the public?

Thanks

Ashish


Hi Tijo,

Do we have roles also associated with the below Druid LDAP configurations?

Thanks,

Ashish

Hi Ashish,
You need to create a role and assign the required permissions to that role. Use the groupmapping to map the LDAP group. Assign the role to the group mapping and then you are good to go.

Users can log in with their LDAP username and password, and they can access the console only for the permissions assigned.

Thanks
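
The role, permission and group-mapping steps described in the reply above, as an added example that is not part of the original thread: it builds the three POST requests for the druid-basic-security authorizer API against the "ldapauth" authorizer from the sample config. The coordinator URL, role name, group DN, mapping name and datasource pattern are assumed values.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

# Assumed values (not from the thread): coordinator URL, role name, group DN,
# mapping name and datasource pattern. "ldapauth" is the authorizer name
# used in the sample config above.
COORDINATOR = "http://localhost:8081"
BASE = "/druid-ext/basic-security/authorization/db/ldapauth"


def build_requests(role, group_dn, mapping_name, datasource_pattern):
    """Return (path, JSON body) pairs in the order described in the thread:
    create the role, grant it permissions, map the LDAP group to it."""
    role_path = f"{BASE}/roles/{quote(role, safe='')}"
    # Least privilege: READ on matching datasources only (name is a regex).
    permissions = [{
        "resource": {"name": datasource_pattern, "type": "DATASOURCE"},
        "action": "READ",
    }]
    mapping = {"name": mapping_name, "groupPattern": group_dn, "roles": [role]}
    return [
        (role_path, None),
        (f"{role_path}/permissions", permissions),
        (f"{BASE}/groupMappings/{quote(mapping_name, safe='')}", mapping),
    ]


def send(path, body, admin_user, admin_password):
    """POST one request to the coordinator with HTTP basic auth."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    data = b"" if body is None else json.dumps(body).encode()
    req = urllib.request.Request(
        COORDINATOR + path, data=data, method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    plan = build_requests(
        "analyst_ro", "CN=druid-analysts,OU=Groups,DC=example,DC=com",
        "analysts_map", "wikipedia.*")
    for path, body in plan:
        print("POST", path, json.dumps(body))
        # send(path, body, "<initial admin user>", "<password>")  # live cluster only
```

Members of the mapped LDAP group then receive only the permissions attached to that role; anything not granted stays denied.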

Thanks Tijo,

One quick question: how do I use the groupmapping to map the LDAP group?

Do you mean basic role creation or via LDAP group?

Thanks,

Ashish
