Setting up pluggable authentication for OpsCenter

Instructions for enabling pluggable authentication for OpsCenter.

opscenterd.conf

The location of the opscenterd.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

Procedure

  1. Edit the opscenterd.conf file and enable authentication.
    Note: You can also bring your own pluggable authentication class and define it in the authentication_method.

    File authentication strategy

    Create the auth_file with user:password:role:
    file:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser
    Important: The password must use a bcrypt 2a variation hash.
    Note: The authentication file should contain one user per line in this format.
    passwd_db = ./passwd.db
enabled = True
authentication_method = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider

[authentication_provider]
# auth file configuration
auth_file = /apps/test/auth.txt

    LDAP authentication strategy

    passwd_db = ./passwd.db
enabled = True
authentication_method = com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider

[authentication_provider]
# ldap configuration
server_host = dev-ldap.datastax.lan
# use 389 if you set ldap_security = None
server_port = 636
search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
search_password = dseng
user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
user_search_filter = (uid={0})
group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
group_name_attribute = cn
admin_group_name = superusers, superusers2
truststore = ./tests/resources/truststore.ts
truststore_pass = secret
ldap_security = SSL_TLS
truststore_type = jks

    Multiple authentication strategy

    passwd_db = ./passwd.db
enabled = True
authentication_method = com.datastax.opscenter.auth.http.impl.MultipleAuthenticationStrategyProvider

[authentication_provider]
# List of authentication strategies in the order each strategy will be used
strategy_chain = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider, com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider

# auth file configuration
auth_file = /apps/test/auth.txt

# ldap configuration, formerly in [ldap_section]
server_host = dev-ldap.datastax.lan
# use 389 if you set ldap_security = None
server_port = 636
search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
search_password = dseng
user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
user_search_filter = (uid={0})
group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
group_name_attribute = cn
admin_group_name = superusers, superusers2
truststore = ./tests/resources/truststore.ts
truststore_pass = secret
ldap_security = SSL_TLS
truststore_type = jks
  2. Restart OpsCenter.
  3. Open the OpsCenter user interface in a browser. 
    http://localhost:8888