Configure LDAP authentication for Kafka brokers

Learn how to configure LDAP authentication for Kafka brokers.

You can enable Kafka to use LDAP credentials for client to broker authentication. Broker configuration is done by configuring the required properties in Cloudera Manager.

In Cloudera Manager, select the Kafka service.
Select Configuration.
Enable LDAP authentication:
1. Find the SASL/PLAIN Authentication property.
2. Click the radio button next to LDAP. Do this for all required Kafka services.
Optional: Configure the allow list of LDAP URLs.

note
Configuring the allow list of LDAP URLs is available from Cloudera Runtime 7.3.1.600 SP3 CHF1 or higher.

You can restrict which LDAP URLs Kafka is allowed to connect to by configuring the com.cloudera.kafka.ldap.allowed.urls Java option. By specifying a trusted list of LDAP servers, you can have stricter control over the LDAP servers Kafka can access.
1. Find the Additional Broker Java Options property.
2. Add the com.cloudera.kafka.ldap.allowed.urls Java option. For example:
```
-Dcom.cloudera.kafka.ldap.allowed.urls=http://www.ldap-example-1.com,http://www.ldap-example-2.com
```
Click Save Changes.
Restart the Kafka service.

LDAP authentication is configured for the brokers.

Configure clients to use LDAP authentication.