This authentication setup must be done from the Management Center using Azure AD (Active Directory), and via LDAP over SSL (LDAPS). Carry out the following:
A user must be set up so you can query the AD.
From your IT or AD administrator, you must get the following parameters:
Below is an example of such parameters:
CN=K2vtdaadmin,cn=users,DC=k2vfabric
CN=Users,DC=k2vfabric,DC=local
k2-fabric-ldap.k2vfabric.local
The following steps must be carried out on all Fabric nodes by the root user:
echo "10.21.1.134 k2-fabric-ldap.k2vfabric.local" >> /etc/hosts
Connect as the fabric user.
Update the admin_privileges file on one Fabric node only (the one you will start with first).
In this file, insert the name of the group that the user will use as Fabric admin and the AD to which the user belongs; in our example, K2vtdaadmin.
cd $K2_HOME/
echo "K2vtdaadmin" > $K2_HOME/config/admin_privileges
cd $K2_HOME/
sed -i "s@#SERVER_AUTHENTICATOR=.*@SERVER_AUTHENTICATOR=adldap@" $K2_HOME/config/config.ini
sed -i "s@#url=.*@url=ldaps://k2-fabric-ldap.k2vfabric.local:636@" $K2_HOME/config/config.ini
sed -i "s@#admin_dn=.*@admin_dn=CN=K2vtdaadmin,cn=users,DC=k2vfabric,DC=local@" $K2_HOME/config/config.ini
sed -i "s@#admin_password=.*@admin_password=Q1w2e3r4t5@" $K2_HOME/config/config.ini
sed -i "s@#users_base_dn=.*@users_base_dn=CN=Users,DC=k2vfabric,DC=local@" $K2_HOME/config/config.ini
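The sed commands above only match keys that are still commented out (`#url=...`); on a second run, or if a key was already active, they silently change nothing. The following is an added example (not K2View's own tooling) of an idempotent setter for the same five config.ini keys, plus a read-back check that the URL really is ldaps://. It assumes plain `key=value` lines as on this page, and takes the admin password from a constructed environment variable, ADLDAP_ADMIN_PASSWORD, instead of the command line.

```shell
#!/bin/sh
# Added example, not part of the K2View documentation.
# Replaces "#key=..." or "key=..." with "key=value", or appends the key if absent.
# The '@' delimiter is used as on the page because ldaps:// URLs contain '/'.
# Caveat: a value containing '@' or '&' would need escaping before use with sed.
set_ini_key() {
    file=$1; key=$2; value=$3
    if grep -q "^#\{0,1\}${key}=" "$file"; then
        sed -i "s@^#\{0,1\}${key}=.*@${key}=${value}@" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Print the active (uncommented) value of a key; prints nothing if it is unset.
get_ini_key() {
    sed -n "s@^$2=@@p" "$1"
}

# Apply the five settings from this page. ADLDAP_ADMIN_PASSWORD is a
# constructed variable name so the secret does not land in shell history.
configure_adldap() {
    cfg=$1
    set_ini_key "$cfg" SERVER_AUTHENTICATOR adldap
    set_ini_key "$cfg" url "ldaps://k2-fabric-ldap.k2vfabric.local:636"
    set_ini_key "$cfg" admin_dn "CN=K2vtdaadmin,cn=users,DC=k2vfabric,DC=local"
    set_ini_key "$cfg" admin_password "${ADLDAP_ADMIN_PASSWORD:?set ADLDAP_ADMIN_PASSWORD}"
    set_ini_key "$cfg" users_base_dn "CN=Users,DC=k2vfabric,DC=local"
}

# Fail if any key is missing or the directory URL is plain ldap:// rather than ldaps://.
verify_adldap() {
    cfg=$1
    for k in SERVER_AUTHENTICATOR url admin_dn admin_password users_base_dn; do
        [ -n "$(get_ini_key "$cfg" "$k")" ] || { echo "missing $k" >&2; return 1; }
    done
    case "$(get_ini_key "$cfg" url)" in
        ldaps://*) return 0 ;;
        *) echo "url is not ldaps://" >&2; return 1 ;;
    esac
}

# Usage (on each node, as the fabric user):
#   ADLDAP_ADMIN_PASSWORD='...' ; . ./this_file.sh
#   configure_adldap "$K2_HOME/config/config.ini" && verify_adldap "$K2_HOME/config/config.ini"
```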
The following steps are unique to LDAPS (as opposed to LDAP):
keytool -importcert -file root_cer.cer -keystore apps/java/jre/lib/security/cacerts -alias "ldap"
See this example:
keytool -importcert -file root_cer.cer -keystore .cassandra_ssl/cassandra.truststore -alias "ldap"
For more information about how Fabric works with LDAP see here. For more information about SAML configuration in Fabric, please read here.