Configure LDAP authentication for Kafka brokers

Learn how to configure LDAP authentication for Kafka brokers.

You can enable Kafka to use LDAP credentials for client-to-broker authentication. Brokers are configured by setting the required properties in Cloudera Manager.

  1. In Cloudera Manager, select the Kafka service.
  2. Select Configuration.
  3. Enable LDAP authentication:
    1. Find the SASL/PLAIN Authentication property.
    2. Click the radio button next to LDAP. Do this for all required Kafka services.
  4. Configure the LDAP URL:
    1. Find the LDAP URL property.
    2. Add your LDAP server URL.
      For example:
      ldap://cloudera.example.com:636
  5. Find and configure the LDAP User DN Template property.
    The property specifies a template that Kafka uses to translate short names into Distinguished Names (DNs). The template that you need to specify depends on your LDAP service and the schema of the DNs it accepts. The following list collects a number of common examples.
    • If your DNs include the short name in the uid component, for example:
      uid=jsmith,ou=users,dc=mycompany,dc=com
      You can use a template similar to the following:
      uid={0},ou=users,dc=mycompany,dc=com
    • If your LDAP service accepts usernames in the form of:
      jsmith@mycompany.com
      You can use the following template:
      {0}@mycompany.com
    • If your LDAP service accepts usernames that do not have a domain, for example:
      jsmith
      You can use the following template:
      {0}
  6. Click Save Changes.
  7. Restart the Kafka service.
LDAP authentication is configured for the brokers.
Configure clients to use LDAP authentication.
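
Before saving the values from steps 4 and 5, it can help to check how short names map through the template and whether the URL scheme and port agree. The following is an added example, not Cloudera or Kafka code: it assumes the template is applied by plain substitution of {0} (the page does not describe how the broker treats special characters), and the function names and sample names are hypothetical.

```python
from urllib.parse import urlsplit

# Characters that RFC 4514 requires to be escaped inside a DN attribute value.
DN_SPECIALS = set(',+"\\<>;=')
REGISTERED_PORTS = {"ldap": 389, "ldaps": 636}  # IANA-registered defaults

def render_dn(template, short_name):
    """Substitute the short name for {0}, the translation step 5 describes."""
    if "{0}" not in template:
        raise ValueError("template has no {0} placeholder")
    return template.replace("{0}", short_name)

def check_short_name(template, short_name):
    """Return reasons why short_name would not map cleanly through template."""
    problems = []
    if not short_name or short_name != short_name.strip():
        problems.append("empty or whitespace-padded name")
    if any(ord(c) < 0x20 for c in short_name):
        problems.append("control character in name")
    # Only DN-style templates (uid={0},ou=...) give these characters meaning.
    if "=" in template and DN_SPECIALS & set(short_name):
        problems.append("DN metacharacter in name changes the DN structure")
    return problems

def check_ldap_url(url):
    """Return warnings about the scheme and port of an LDAP URL value."""
    parts = urlsplit(url)
    if parts.scheme not in REGISTERED_PORTS:
        return ["scheme is not ldap or ldaps"]
    warnings = []
    if not parts.hostname:
        warnings.append("no host in URL")
    other = "ldaps" if parts.scheme == "ldap" else "ldap"
    if parts.port == REGISTERED_PORTS[other]:
        warnings.append(f"port {parts.port} is the registered {other} port, "
                        f"but the scheme is {parts.scheme}")
    return warnings

if __name__ == "__main__":
    # Templates are the three from step 5; the names are constructed samples.
    for tpl in ("uid={0},ou=users,dc=mycompany,dc=com", "{0}@mycompany.com", "{0}"):
        for name in ("jsmith", "smith, john"):
            print(f"{tpl!r} + {name!r} -> {render_dn(tpl, name)!r}",
                  check_short_name(tpl, name) or "ok")
    print(check_ldap_url("ldap://cloudera.example.com:636"))
```

A warning from check_ldap_url is a prompt to confirm with your LDAP administrator which scheme the listener on that port expects, because SASL/PLAIN passes the user's password to the broker, which then presents it to the LDAP server.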