Authenticating a cluster with LDAP

DataStax Enterprise supports LDAP authentication support for external LDAP services.

The Lightweight Directory Access Protocol (LDAP) is a standard way of authenticating users across applications. DataStax Enterprise supports LDAP authentication for external LDAP services.

When you enable LDAP authentication in DataStax Enterprise, users that are managed by external LDAP servers can be authenticated by DataStax Enterprise. Authenticated users can then be authorized to access Cassandra objects, as described in Managing object permissions using internal authorization.

LDAP authentication is supported in the following DataStax Enterprise components:
  • CQL
  • DSE Analytics
    • Spark
    • Hadoop
    • Hive
    • Pig
  • Sqoop
LDAP authentication is supported by the following component:
  • DevCenter 1.5.0 and greater
LDAP authentication is not supported in the following components:
  • OpsCenter versions earlier than 5.2
  • Mahout
  • DevCenter earlier than 1.5.0
  • Solr using the HTTP interface
    Note: Because of the stateless property of HTTP when using LDAP, each issued request verifies credentials and can significantly degrade performance when using the HTTP interface. Use Kerberos or search using CQL instead.