Setting up pluggable authentication for OpsCenter

Procedure

  1. Locate the opscenterd.conf file. The location of this file depends on the type of installation:

    • Package installations: /etc/opscenter/opscenterd.conf

    • Tarball installations: install_location/conf/opscenterd.conf

  2. Edit the opscenterd.conf file and enable authentication.

    You can also supply your own pluggable authentication class and specify it in the authentication_method option.

    File authentication strategy

    Create the auth_file with user:password:role:

    user:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser

    The password field must be a bcrypt hash of the 2a variant (prefix $2a$).

    Create the superuser role before creating the auth_file.

    The authentication file should contain one user per line in this format.

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider
    
    [authentication_provider]
    # auth file configuration
    auth_file = /apps/test/auth.txt

    LDAP authentication strategy

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    [authentication_provider]
    # ldap configuration
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks

    Multiple authentication strategy

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.MultipleAuthenticationStrategyProvider
    
    [authentication_provider]
    # List of authentication strategies in the order each strategy will be used
    strategy_chain = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider, com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    # auth file configuration
    auth_file = /apps/test/auth.txt
    
    # ldap configuration, formerly in [ldap_section]
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks

  3. Restart OpsCenter.

  4. Open the OpsCenter user interface in a browser.

    http://localhost:8888
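
A check for the auth_file described under the file authentication strategy in step 2, as an added example that is not part of the DataStax documentation: it verifies that every line has the user:password:role shape and carries a bcrypt $2a$ hash before OpsCenter is restarted. The known_roles argument and all sample lines except the first are assumptions constructed for illustration.

```python
import re

# "$2a$" + two-digit cost + "$" + 22-char salt and 31-char digest (bcrypt alphabet)
BCRYPT_2A = re.compile(r"\$2a\$(\d{2})\$[./A-Za-z0-9]{53}")

def check_auth_file(text, known_roles=None):
    """Return a list of (line_number, problem) tuples for auth_file content.

    known_roles is an optional set of role names already created in OpsCenter
    (assumption: supplied by the caller; this script does not query OpsCenter).
    """
    problems, seen = [], set()
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 3:
            problems.append((n, "expected user:password:role, got %d fields" % len(fields)))
            continue
        user, pw_hash, role = fields
        if not user:
            problems.append((n, "empty user name"))
        elif user in seen:
            problems.append((n, "duplicate user %r" % user))
        seen.add(user)
        m = BCRYPT_2A.fullmatch(pw_hash)
        if not m:
            # Catches plaintext passwords and other bcrypt variants such as $2b$
            problems.append((n, "password is not a bcrypt $2a$ hash"))
        elif not 4 <= int(m.group(1)) <= 31:
            problems.append((n, "bcrypt cost out of range"))
        if not role:
            problems.append((n, "empty role"))
        elif known_roles is not None and role not in known_roles:
            problems.append((n, "role %r has not been created" % role))
    return problems

# Constructed sample: line 1 is the entry shown on this page, the rest are made up.
SAMPLE = """\
user:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser
alice:$2b$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser
bob:hunter2:superuser
user:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:readonly
carol:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO
"""

if __name__ == "__main__":
    for lineno, problem in check_auth_file(SAMPLE, known_roles={"superuser"}):
        print("line %d: %s" % (lineno, problem))
```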
