Configure DataStax Mission Control to use LDAP for authentication
DataStax Mission Control is currently in Public Preview. DataStax Mission Control is not intended for production use, has not been certified for production workloads, and might contain bugs and other functional issues. There is no guarantee that DataStax Mission Control will ever become generally available. DataStax Mission Control is provided on an “AS IS” basis, without warranty or indemnity of any kind. If you are interested in trying out DataStax Mission Control, please join the Public Preview.
DataStax Mission Control supports authentication through OpenID Connect (OIDC) and LDAP. This topic describes configuring LDAP authentication within DataStax Mission Control. See Configuring OIDC for the other supported authentication protocol.
Prerequisites
- The `kubectl` CLI tool, v1.22 or later.
- An instance of DataStax Mission Control, installed through either your own Kubernetes cluster or the runtime installer. See planning for your installation.
- KOTS `kubectl` plugin installed with this command: `curl -sSL https://kots.io/install | bash`
- Kubernetes context pointing to the DataStax Mission Control cluster running the DataStax Mission Control Control Plane. Set this up with the following command: `kubectl config current-context`
Configure DataStax Mission Control to use LDAP for authentication
- Port-forward to the admin console: `kubectl kots admin-console`
- Navigate to http://127.0.0.1:8800 (password `admin`) and edit the Mission Control configuration to enable the LDAP connector, providing your environment’s LDAP information:
  - Host: `ldap.default:389`
  - no SSL: `true`
  - Bind DN: `cn=admin,dc=example,dc=org`
  - Bind password: `Not@SecurePassw0rd`
  - User base DN: `ou=users,dc=example,dc=org`
  - User filter: `(objectClass=inetOrgPerson)`
  - Username attribute: `cn`
  - User id attribute: `uidNumber`
  - User email attribute: `cn` (using this because the default schema does not have an email field)
  - User display name attribute: `cn`
  - Preferred username attribute: `cn`
  - Group base DN: `ou=users,dc=example,dc=org`
  - Group filter: `(objectClass=groupOfNames)`
  - Group user matcher:

    ```
    - userAttr: dn
      groupAttr: member
    ```
  - Group name attribute: `cn`
- Deploy the new configuration.
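
The connector values listed above can be checked against the directory before they are deployed. The script below is an added example, not part of the DataStax documentation: it assumes the OpenLDAP `ldapsearch` client, a directory reachable at the configured host from where the script runs, and that the connector combines the user filter with `cn=<login>` and matches groups on `member=<user DN>`. The function names and the `--run` switch are this example's own.

```shell
#!/bin/sh
# Added example: pre-deployment check of the LDAP connector values from this page.
# Defaults are the page's sample settings; override them through the environment.
# ldap:// mirrors "no SSL: true": the bind password crosses the network in cleartext.
LDAP_URI="${LDAP_URI:-ldap://ldap.default:389}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=org}"
USER_BASE="${USER_BASE:-ou=users,dc=example,dc=org}"
GROUP_BASE="${GROUP_BASE:-ou=users,dc=example,dc=org}"

# Escape RFC 4515 filter metacharacters so a value is always matched literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Assumed combination: user filter AND <username attribute>=<login>.
user_filter() {
    printf '(&(objectClass=inetOrgPerson)(cn=%s))' "$(ldap_escape "$1")"
}

# Assumed combination: group filter AND <groupAttr>=<user's userAttr>, here member=<DN>.
group_filter() {
    printf '(&(objectClass=groupOfNames)(member=%s))' "$(ldap_escape "$1")"
}

# Run one search as the bind DN; -W prompts for the bind password on the terminal.
search() {
    base="$1"; filter="$2"; shift 2
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$base" "$filter" "$@"
}

# Resolve a login to exactly one entry, then list the groups naming its DN as member.
check_login() {
    entry=$(search "$USER_BASE" "$(user_filter "$1")" cn uidNumber) || return 1
    user_dn=$(printf '%s\n' "$entry" | sed -n 's/^dn: //p')
    count=$(printf '%s\n' "$user_dn" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 entry for $1, found $count" >&2; return 1; }
    printf '%s\n' "$entry" | grep -q '^uidNumber: ' ||
        { echo "no uidNumber (user id attribute) on $user_dn" >&2; return 1; }
    echo "user:  $user_dn"
    search "$GROUP_BASE" "$(group_filter "$user_dn")" cn | sed -n 's/^cn: /group: /p'
}

# Only contact the directory when called as: sh check-ldap.sh --run user01
if [ "${1:-}" = "--run" ]; then check_login "$2"; fi
```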
Test the connection
- Navigate to the DataStax Mission Control UI and try to connect with LDAP and one of the test users, for example, `user01 / password01`.
- You can also remove the admin user in the Mission Control configuration (by unchecking the Create a temporary admin user selection box), and the `connect with email` option should no longer be available.