@gmflau
Last active March 16, 2018 06:18
Configuring LDAP for DataStax Enterprise OpsCenter with OpenLDAP
  1. Sample opscenterd.conf with [authentication] and [ldap] sections
[authentication]
# Set this option to True to enable OpsCenter authentication.  A default admin
# account will be created with the username "admin" and password "admin".
# Accounts and roles can then be created and modified from within the web UI.
enabled = True
authentication_method = LDAP

[ldap]
server_host = openldap.marathon.l4lb.thisdcos.directory
server_port = 389
# Service account used for user and group lookups. Its password is stored in
# cleartext here, so keep this file readable only by the opscenterd user.
search_dn = cn=admin,dc=example,dc=org
search_password = password
user_search_base = ou=People,dc=example,dc=org
user_search_filter = (uid={0})
user_memberof_attribute = memberof
group_search_base = ou=Groups,dc=example,dc=org
group_search_filter_with_dn = (member={0})
group_name_attribute = cn
group_search_type = directory_search
admin_group_name = mygroup
# None sends the search_dn bind and every user's login password to the LDAP
# server in cleartext. For production use a TLS-protected connection and point
# the truststore options below at the CA that signed the server certificate.
ldap_security = None
#truststore_type = JKS
#truststore = ./truststore.jks
#truststore_pass = secret
connection_timeout = 20
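As an added example that is not part of this gist and not OpsCenter's own lookup code, the following Python script parses the [ldap] section above, fills the {0} placeholders in user_search_filter and group_search_filter_with_dn the way a consumer of this config must (with RFC 4515 escaping of the substituted value), and flags the cleartext ldap_security setting. The sample config string is constructed from the section above.

```python
"""Added example (not OpsCenter's own code): parse the [ldap] section above,
fill the {0} placeholders with RFC 4515 escaping, and flag cleartext LDAP."""
import configparser
# Constructed from the [ldap] section of the gist above.
SAMPLE_CONF = """[ldap]
server_host = openldap.marathon.l4lb.thisdcos.directory
server_port = 389
search_dn = cn=admin,dc=example,dc=org
search_password = password
user_search_base = ou=People,dc=example,dc=org
user_search_filter = (uid={0})
group_search_base = ou=Groups,dc=example,dc=org
group_search_filter_with_dn = (member={0})
ldap_security = None
"""

# RFC 4515: these characters would change filter structure if left unescaped.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value before it is substituted into an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def load_ldap_section(text: str) -> dict:
    """Parse the ini-style config and return the [ldap] keys as a dict."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp["ldap"])

def build_filters(settings: dict, username: str, user_dn: str) -> tuple:
    """user_search_filter gets the login name; group_search_filter_with_dn gets
    the DN found for that user. Both values are escaped before substitution."""
    user_filter = settings["user_search_filter"].replace("{0}", escape_filter_value(username))
    group_filter = settings["group_search_filter_with_dn"].replace("{0}", escape_filter_value(user_dn))
    return user_filter, group_filter

def audit(settings: dict) -> list:
    """Findings a reviewer would raise about this section."""
    findings = []
    if settings.get("ldap_security", "None").lower() == "none":
        findings.append("ldap_security=None: the search_dn bind and every user's password "
                        "cross the network in cleartext on port " + settings["server_port"])
    return findings

if __name__ == "__main__":
    cfg = load_ldap_section(SAMPLE_CONF)
    print(build_filters(cfg, "glau", "uid=glau,ou=People,dc=example,dc=org"))
    print(build_filters(cfg, "*)(uid=*", "uid=x"))  # metacharacters are neutralised
    print(audit(cfg))
```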
  2. Create the following ldif files to initialize your OpenLDAP server

File: add_nodes.ldif

dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups

File: memberof_config.ldif

dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap

# {1}hdb names the database backend; use {1}mdb instead if your slapd runs the mdb backend
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

File: refint1.ldif

dn: cn=module{1},cn=config
changetype: modify
add: olcmoduleload
olcmoduleload: refint

File: refint2.ldif

# same backend name as in memberof_config.ldif ({1}hdb or {1}mdb)
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner

File: add_user.ldif

dn: uid=glau,ou=People,dc=example,dc=org
cn: Gilbert Lau
givenName: Gilbert
sn: Lau
uid: glau
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/glau
mail: gilbert.lau@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# slapd stores this value as given; run slappasswd and paste its {SSHA} output here to avoid a cleartext password in the directory
userPassword: cassandra

File: add_group.ldif

dn: cn=mygroup,ou=Groups,dc=example,dc=org
objectClass: groupofnames
cn: mygroup
description: All users
member: uid=glau,ou=People,dc=example,dc=org
  3. Run the following ldapadd and ldapmodify commands in the same order:
Install the following packages if they are not already present:
$ sudo apt-get install slapd ldap-utils

$ ldapadd -x -D cn=admin,dc=example,dc=org -W -f add_nodes.ldif
$ sudo ldapadd -x -D cn=admin,cn=config -W -f memberof_config.ldif
$ sudo ldapmodify -x -D cn=admin,cn=config -W -f refint1.ldif
$ sudo ldapadd -x -D cn=admin,cn=config -W -f refint2.ldif
$ ldapadd -x -D cn=admin,dc=example,dc=org -W -f add_user.ldif
$ ldapadd -x -D cn=admin,dc=example,dc=org -W -f add_group.ldif
  4. Create and run the following bash script in your environment to verify your setup:
#!/bin/bash
# LDAP account created in add_user.ldif and the OpsCenter server to test against
OPSC_LOGIN_USER=glau
OPSC_LOGIN_PASSWORD=cassandra
OPSC_SERVER_IP=10.0.1.146
# Log in through the OpsCenter API and strip the JSON wrapper to get the bare session id
sessionid=$(curl -X POST -d "{\"username\":\"$OPSC_LOGIN_USER\",\"password\":\"$OPSC_LOGIN_PASSWORD\"}" "http://$OPSC_SERVER_IP:8888/login" | sed 's/"sessionid": //g' | sed 's/["{}]//g')
echo "$sessionid"
# Ask which permissions the session holds; an admin_group_name member gets all cluster permissions
RESPONSE=$(curl -H "opscenter-session: $sessionid" "http://$OPSC_SERVER_IP:8888/permissions/user")
echo "$RESPONSE"

It should return output similar to the following:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    91    0    49  100    42    279    239 --:--:-- --:--:-- --:--:--   280
5b08d9e96f1b7bfa89f329e093239dba
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   738    0   738    0     0   3794      0 --:--:-- --:--:-- --:--:--  3804
{"ALL_CLUSTER_PERMISSIONS": {"Node Move": true, "Alerting": true, "Cluster Connection": true, "Backup and Restore": true, "View Schema": true, "Install Agent on Cluster": true, "Add Nodes to Cluster": true, "Node Garbage Collect": true, "Node Flush": true, "Performance Service Configuration": true, "View Cluster": true, "Truncate Data": true, "Modify Schema": true, "Assassinate Controller": true, "Cluster Configuration": true, "Performance Service CQL Tracing": true, "Node Cleanup": true, "Data Explorer": true, "Repair Service": true, "Node Start and Stop": true, "Node Decommission": true, "Node Compact": true, "Node Repair": true, "Rebalance Cluster": true, "Node Drain": true, "Remove Token": true, "Best Practice Rules": true}}
  5. Now you can log in to your OpsCenter console using your LDAP account.