Configuring LDAP authentication

All the Kafka clusters created in CDP are secure because TLS is enabled to encrypt communications between clients and the cluster, and strong authentication is enforced, requiring clients to authenticate either through Kerberos or LDAP.

In this example, you use LDAP authentication. LDAP authentication is not enabled by default.

You must have connected to the Kafka host.

  1. Provide the client with the security.protocol and sasl.mechanism information to indicate the security protocol and authentication mechanism to use.
  2. Provide the client with the ssl.truststore.location information which is required for the client to trust the brokers' certificates.
    All the Kafka hosts deployed by CDP have a valid truststore deployed at /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks. You need to use this truststore. Later you look at how to create a truststore from scratch.
  3. Provide the client with the sasl.jaas.config information which is the LDAP credentials to use for authentication.
    For a detailed explanation on how to configure TLS/SSL and LDAP authentication for Kafka clients, see Configure Kafka clients.