Learn how to configure LDAP authentication for Kafka brokers.
You can enable Kafka to use LDAP credentials for client to broker authentication.
Broker configuration is done by configuring the required properties in Cloudera Manager.
In Cloudera Manager, select the Kafka service.
Select Configuration.
Enable LDAP authentication:
Find the SASL/PLAIN Authentication property.
Click the radio button next to LDAP. Do this for all required Kafka services.
Configure the LDAP URL:
Find the LDAP URL property.
Add your LDAP server URL.
For example:
ldap://cloudera.example.com:636
Find and configure the LDAP User DN Template property.
The property specifies a template that Kafka uses to translate short names into
Distinguished Names (DNs). The template that you need to specify depends on your LDAP
service and the schema of the DNs it accepts. The following list collects a number of
common examples.
If your DNs include the short name in the uid component, for example:
uid=jsmith,ou=users,dc=mycompany,dc=com
You can use a template similar to the following:
uid={0},ou=users,dc=mycompany,dc=com
If your LDAP service accepts usernames in the form of:
jsmith@mycompany.com
You can use the following template:
{0}@mycompany.com
If your LDAP service accepts usernames that do not have a domain, for example:
jsmith
You can use the following template:
{0}
Click Save Changes.
Restart the Kafka service.
LDAP authentication is configured for the brokers.
Configure clients to use LDAP authentication.
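To check an LDAP User DN Template before saving it, the following added example (not Cloudera or Kafka code) expands the three templates above for a given short name. The function names are hypothetical, and the RFC 4514 escaping applied to DN-shaped templates is an assumption about what a pre-check should do, not a description of the broker's behavior.

```python
import re

# Characters RFC 4514 requires escaping anywhere in an attribute value.
DN_SPECIALS = set('",+;<>\\')

def escape_dn_value(value: str) -> str:
    """Escape a string so it is a single RFC 4514 attribute value."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")                      # leading '#'
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")                      # leading/trailing space
        else:
            out.append(ch)
    return "".join(out)

def render_bind_name(template: str, short_name: str) -> str:
    """Expand a user DN template for one short name (hypothetical helper)."""
    if "{0}" not in template:
        raise ValueError("template has no {0} placeholder")
    if re.search(r"\{(?!0\})", template):
        raise ValueError("only the {0} placeholder is supported")
    if not short_name:
        raise ValueError("empty short name")
    # Assumption: a DN-shaped template (attr=value,...) gets the name escaped
    # so it stays inside one RDN value; other forms are substituted as-is.
    if "=" in template:
        short_name = escape_dn_value(short_name)
    return template.replace("{0}", short_name)

# The three templates listed on this page.
PAGE_TEMPLATES = [
    "uid={0},ou=users,dc=mycompany,dc=com",
    "{0}@mycompany.com",
    "{0}",
]

if __name__ == "__main__":
    for template in PAGE_TEMPLATES:
        for name in ("jsmith", "jsmith,ou=admins"):  # constructed inputs
            print(f"{template!r:42} {name!r:20} -> "
                  f"{render_bind_name(template, name)}")
```

Compare the rendered value with the DN or username your LDAP service actually accepts for that user before restarting the Kafka service.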