Setting Up Workload XM Users

After you install Workload XM, you can set up users. You can configure local authentication or LDAP authentication to manage access to WXM.

Local Authentication

You can change the default location of the user file that contains the users who can login to the Workload XM UI.

  1. In Cloudera Manager, click Clusters > Workload XM > Configuration.
  2. Search for the following properties:
    • The User Authorization File Directory (user-file.dir) is the local directory for storing the user authorization file required by the Console Server. Default is /etc/wxm/conf.
    • The User Authorization File Name (user-file.name) is the name of the user authorization file required by the Console Server. This file is stored in the directory set by the user-file.dir parameter, and is created at service startup if it does not already exist. If this property is not set, it defaults to user-file.json.
  3. In a terminal, use the command line to ssh into the cluster node that has the WXM Console Server role. You can manage users with the Console Server executable. On the workload XM host, navigate to the following directory:
${PARCELS_ROOT}/WXM/lib/thunderhead-sigma-console

To view the help output, enter this command:

./onprem-linux -h

You can add a user, remove a user, and list a user with the following commands, respectively:

./onprem-linux user add --user-file <user-file.dir><user-file.name>;
./onprem-linux user remove --user-file <user-file.dir><user-file.name>;
./onprem-linux user list --user-file <user-file.dir><user-file.name>;
    

When you add a user, follow the prompts to create the username and password. If you try to edit a user file that does not exist, a prompt asks if you would like to create the file.

To change a user's username or password, first remove the user, then add it back again with the new credentials.

LDAP Authentication

Workload XM supports LDAP authentication through the following properties:

  • Enable LDAP (ldap.enabled)
  • LDAP URL (ldap.url)
  • LDAP Bind User Distinguished Name (ldap.bind_dn)
  • LDAP Bind Password (ldap.bind_password)
  • LDAP Search Base (ldap.search_base)
  • LDAP Search Filter Property (ldap.search_filter_property)
  • LDAP Server CA Certificate (ldap.ca_cert)