Configure user authentication
After obtaining your LDAP/AD information, configure LDAP/AD user authentication for Cloudbreak.
Steps
- On the Cloudbreak host, browse to /var/lib/cloudbreak-deployment.
- Create a new yml file called uaa-changes.yml.
- In the yml file enter the following using your LDAP/AD information.

    spring_profiles: postgresql,ldap
    ldap:
      profile:
        file: ldap/ldap-search-and-bind.xml
      base:
        url: ldap://10.0.3.138:389
        userDn: cn=Administrator,ou=srv,dc=hortonworks,dc=local
        password: 'mypassword'
        searchBase: ou=Users,dc=hortonworks,dc=local
        searchFilter: mail={0}
      groups:
        file: ldap/ldap-groups-map-to-scopes.xml
        searchBase: ou=Groups,dc=hortonworks,dc=local
        searchSubtree: false
        maxSearchDepth: 1
        groupSearchFilter: member={0}
        autoAdd: true

  If using LDAPS, use an LDAPS URL such as ldaps://10.0.3.138:636.
- If you have an LDAP server certificate that you would like to use, copy it to the certs directory within the Cloudbreak deployment directory. By default, this is /var/lib/cloudbreak-deployment/certs/.
- Save the file and restart Cloudbreak.
If using an LDAP server certificate, when the identity container starts, it imports all certificates from the certs directory into the JVM's trust store, enabling UAA to trust the LDAP server certificate.
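
A check to run on uaa-changes.yml before restarting Cloudbreak, given here as an added example that is not part of Cloudbreak or its documentation. The function name check_uaa_ldap and its messages are hypothetical; it assumes the key layout shown in the steps above and a POSIX shell on the Cloudbreak host.

```shell
#!/bin/sh
# Added example: pre-restart check for uaa-changes.yml (hypothetical helper, not a Cloudbreak tool).
# Usage: check_uaa_ldap [yml-file] [certs-dir]; the return status is the number of findings.
check_uaa_ldap() {
    f=${1:-/var/lib/cloudbreak-deployment/uaa-changes.yml}
    certs=${2:-/var/lib/cloudbreak-deployment/certs}
    findings=0

    [ -r "$f" ] || { echo "cannot read $f" >&2; return 99; }

    # First "url:" key in the file; in the layout from the steps that is ldap.base.url.
    url=$(sed -n 's/^[[:space:]]*url:[[:space:]]*//p' "$f" | head -n 1)
    case $url in
        ldaps://*)
            n=$(find "$certs" -type f 2>/dev/null | wc -l | tr -d ' ')
            echo "note: LDAPS in use; $n file(s) in $certs will be imported into the trust store" ;;
        ldap://*)
            echo "finding: url is $url, not ldaps://"
            findings=$((findings + 1)) ;;
        *)
            echo "finding: no ldap:// or ldaps:// url found in $f"
            findings=$((findings + 1)) ;;
    esac

    # The file stores the bind password, so only its owner should be able to read it.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "finding: $f is readable by group or others; chmod 600 it"
        findings=$((findings + 1))
    fi

    # Typographic quotes pasted from a web page become part of the password value.
    if grep -Eq 'password:.*(‘|’|“|”)' "$f"; then
        echo "finding: password is wrapped in typographic quotes; use plain ' or \""
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Called with no arguments, the function checks the default paths named in the steps.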