LDAP is a widely known authentication method that is both secure and reliable. We can enable LDAP authentication in a few simple steps. The steps below explain the process for enabling LDAP authentication in any Cassandra environment.
We must have a properly configured LDAP v3 server running. The following are the supported LDAP servers.
Microsoft Active Directory:
   a) Windows 2008
   b) Windows 2012
Oracle Directory Server Enterprise Edition 22.214.171.124.0
1. Before enabling AD, log in with password authentication, create the AD users in Cassandra with a blank password, and define the respective permissions for each user account in the database using cqlsh.
2. Open the cassandra.yaml file.
   a) Set the authenticator to com.datastax.bdp.cassandra.auth.DseAuthenticator.
   b) Set the authorizer to com.datastax.bdp.cassandra.auth.DseAuthorizer.
3. Open the dse.yaml file.
   a) Set the authentication options for LDAP as follows:
   b) Set the authorization options for LDAP as follows:
   c) Set the role management options for LDAP as follows:
   d) Set the configuration details for the LDAP server appropriately.
4. Restart the Cassandra node.
5. Repeat the same steps on other nodes in the cluster.
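
An example dse.yaml fragment for the dse.yaml step (items a to d), added here and not part of the original page. Key names follow the DSE 5.x/6.x dse.yaml and should be checked against the file shipped with your version; the host, DNs, truststore path, passwords, the internal role-management mode and the Active Directory search filter are assumptions.

```yaml
# Added example, not the original page's settings. Hosts, DNs, paths and
# passwords are placeholders; verify key names against your DSE version.

# a) Authentication: LDAP as the default scheme.
authentication_options:
    enabled: true
    default_scheme: ldap
    # No other_schemes entry: only LDAP logins are accepted, so the blank
    # internal passwords created beforehand are not used to authenticate.
    # Refuse client logins that would send the password over an
    # unencrypted connection (assumes client-to-node encryption is on).
    plain_text_without_ssl: block

# b) Authorization: enforce the permissions granted through cqlsh.
authorization_options:
    enabled: true

# c) Role management: assumed "internal", matching the prerequisite of
# creating the users and their permissions in Cassandra beforehand.
role_management_options:
    mode: internal

# d) LDAP server details.
ldap_options:
    server_host: ldap.example.com          # placeholder
    server_port: 636                       # LDAPS; 389 is plain LDAP
    # With use_ssl and use_tls both false, the search account's bind and
    # every user's password cross the network unencrypted.
    use_ssl: true
    use_tls: false
    truststore_path: /path/to/truststore.jks     # placeholder
    truststore_password: <truststore-password>   # placeholder
    truststore_type: jks
    search_dn: cn=svc-cassandra,ou=service,dc=example,dc=com   # placeholder
    search_password: <search-account-password>                 # placeholder
    user_search_base: ou=users,dc=example,dc=com               # placeholder
    # Active Directory login name; {0} is replaced by the user name.
    user_search_filter: (sAMAccountName={0})
    # How long a successful bind is cached; 0 disables caching.
    credentials_validity_in_ms: 0
```

Because dse.yaml holds the search account's password, restrict the file's permissions to the account that runs the DSE service.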