• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Project Mission Control

    • Overview
      • Release notes
      • FAQs
      • Get support
    • Installing DataStax Mission Control
      • Plan your install
      • Server-based Runtime Installer
        • Services setup with DataStax Mission Control Runtime Installer
      • Bring your own Kubernetes
        • Install Control Plane
        • Install Data Plane
    • Securing
      • Authentication
      • Connect LDAP authentication backend
      • Connect OpenID authentication backend
      • Client-to-node encryption
      • Internode encryption
      • Secure DataStax Mission Control
      • DSE Unified Authorization
    • Migrating
      • Migrate a DSE Cluster to DataStax Mission Control
    • Managing
      • Manage DSE clusters
        • Configure DSE
        • Cluster lifecycle
          • Create a cluster
          • Create a single-token cluster
          • Create a multi-token cluster
          • Changing cluster Replication Factor
          • Terminate a DSE cluster
          • Upgrade a DSE cluster
        • Datacenter lifecycle
          • Add a DSE datacenter
          • Terminate a DSE datacenter
        • Node lifecycle
          • Add DSE nodes
          • Terminate DSE nodes
          • Use per-node configurations
      • Manage DataStax Mission Control infrastructure
        • Manage projects
        • Manage clusters
        • Add a node to DataStax Mission Control clusters
        • Terminate a node from DataStax Mission Control clusters
        • Storage classes defined
      • Manage DataStax Mission Control resources
        • Access Admin Console
        • Configure DataStax Mission Control
        • Generate a support bundle
      • Observability
        • Metrics
    • Operations
      • Cleanup
      • Rebuild
      • Replace a node
      • Rolling restart
      • Upgrade SSTables
    • Reference
      • MissionControlCluster manifest
      • CassandraTask manifest
  • DataStax Project Mission Control
  • Securing
  • Connect LDAP authentication backend

Configure DataStax Mission Control to use LDAP for authentication

DataStax Mission Control is currently in Public Preview. DataStax Mission Control is not intended for production use, has not been certified for production workloads, and might contain bugs and other functional issues. There is no guarantee that DataStax Mission Control will ever become generally available. DataStax Mission Control is provided on an “AS IS” basis, without warranty or indemnity of any kind.

If you are interested in trying out DataStax Mission Control please join the Public Preview.

DataStax Mission Control supports authentication through OpenID Connect (OIDC) and LDAP. This topic describes configuring LDAP authentication within DataStax Mission Control. See Configuring OIDC for the other supported authentication protocol.

Prerequisites

  • The kubectl CLI tool, v1.22 or later.

  • An instance of DataStax Mission Control, installed through either your own Kubernetes cluster or the runtime installer. See planning for your installation.

  • KOTS kubectl plugin installed with this command:

    `curl -sSL https://kots.io/install | bash`

  • Kubernetes context pointing to the DataStax Mission Control cluster running the DataStax Mission Control Control Plane. Set this up with the following command:

    kubectl config current-context

Configure DataStax Mission Control to use LDAP for authentication

  1. Port-forward to the admin console:

    kubectl kots admin-console

  2. Navigate to http://127.0.0.1:8800 (password admin) and edit the Mission Control configuration to enable the LDAP connector, providing your environment’s LDAP information:

    • Host ldap.default:389

    • no SSL true

    • Bind DN cn=admin,dc=example,dc=org

    • Bind password Not@SecurePassw0rd

    • User base DN ou=users,dc=example,dc=org

    • User filter (objectClass=inetOrgPerson)

    • Username attribute cn

    • User id attribute uidNumber

    • User email attribute cn (using this because the default schema does not have an email field)

    • User display name attribute cn

    • Preferred username attribute cn

    • Group base DN ou=users,dc=example,dc=org

    • Group filter (objectClass=groupOfNames)

    • Group user matcher

      • - userAttr: dn

      • groupAttr: member

    • Group name attribute cn

  3. Deploy the new configuration.

Test the connection

  1. Navigate to the DataStax Mission Control UI and try to connect with LDAP and one of the test users, for example, user01 / password01.

  2. You can also remove the admin user in the Mission Control configuration (by unchecking the Create a temporary admin user selection box), and the connect with email option should no longer be available.

Authentication Connect OpenID authentication backend

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage