Creating LDAP users

Create a superuser and other users in Cassandra.

DataStax Enterprise automatically creates a cassandra superuser but it is unlikely that this user will be available on the remote LDAP service. Use the following steps to create a superuser and other users in Cassandra.

Procedure

  1. In the cassandra.yaml file, set the authenticator to org.apache.cassandra.auth.PasswordAuthenticator.
    The location of the cassandra.yaml file depends on the type of installation:
    Package installations /etc/dse/cassandra/cassandra.yaml
    Tarball installations install_location/resources/cassandra/conf/cassandra.yaml 
    authenticator: org.apache.cassandra.auth.PasswordAuthenticator
  2. Start cqlsh and login using the superuser name and password. 
    ./cqlsh -u cassandra -p cassandra
  3. Create the other LDAP users but give them blank passwords. Be sure to create at least one with superuser privileges. These users need to match the available users in the remote LDAP service.
  4. Re-enable LDAP authorization in the cassandra.yaml file. 
    authenticator: com.datastax.bdp.cassandra.auth.LdapAuthenticator
  5. Login as the new superuser and delete the default cassandra user.
    Note: This step is highly recommended to improve the security DataStax Enterprise.
  6. Enable LDAP authentication on each node in the cluster.