Creating LDAP users

Create a super user and other users in Cassandra.

The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/cassandra/cassandra.yaml
Tarball installations install_location/resources/cassandra/conf/cassandra.yaml

DataStax Enterprise automatically creates a cassandra super user but it is unlikely that this user will be available on the remote LDAP service. Use the following steps to create a super user and other users in Cassandra.

Procedure

  1. In the cassandra.yaml file, set the authenticator to org.apache.cassandra.auth.PasswordAuthenticator. 
    authenticator: org.apache.cassandra.auth.PasswordAuthenticator
  2. Start cqlsh and login using the super user name and password. 
    $ ./cqlsh -u cassandra -p cassandra
  3. Create the other LDAP users but give them blank passwords. Be sure to create at least one with super user privileges. These users need to match the available users in the remote LDAP service.
  4. Re-enable LDAP authorization in the cassandra.yaml file. 
    authenticator: com.datastax.bdp.cassandra.auth.LdapAuthenticator
  5. Login as the new super user and delete the default cassandra user.
    Note: This step is highly recommended to improve the security DataStax Enterprise.
  6. Enable LDAP authentication on each node in the cluster.