Setting up pluggable authentication for OpsCenter

Procedure

  1. Locate the opscenterd.conf file. The location of this file depends on the type of installation:

    • Package installations: /etc/opscenter/opscenterd.conf

    • Tarball installations: install_location/conf/opscenterd.conf

  2. Edit the opscenterd.conf file and enable authentication.

    You can also bring your own pluggable authentication class and define it in the authentication_method.

    File authentication strategy

    Create the auth_file with user:password:role:

    file:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser

    The password must use a bcrypt 2a variation hash.

    The authentication file should contain one user per line in this format.

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider
    
    [authentication_provider]
    # auth file configuration
    auth_file = /apps/test/auth.txt

    LDAP authentication strategy

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    [authentication_provider]
    # ldap configuration
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks

    Multiple authentication strategy

    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.MultipleAuthenticationStrategyProvider
    
    [authentication_provider]
    # List of authentication strategies in the order each strategy will be used
    strategy_chain = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider, com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    # auth file configuration
    auth_file = /apps/test/auth.txt
    
    # ldap configuration, formerly in [ldap_section]
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks
  3. Restart OpsCenter.

  4. Open the OpsCenter user interface in a browser.

    http://localhost:8888

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com