[jira] [Commented] (CASSANDRA-12294) LDAP Authentication

Wed, 27 Jul 2016 01:32:05 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15395228#comment-15395228
 ] 

Sam Tunnicliffe commented on CASSANDRA-12294:
---------------------------------------------

My personal opinion is that this is out of scope for the project and really 
falls into the category of an addon or plugin. 

Not that I think LDAP integration wouldn't be useful (I most definitely think 
it's a good idea), but Cassandra itself ought to (and does) provide suitable 
extension points and reference implementations only. Ongoing maintenance 
(including testing) and support for every potential implementation is just 
impractical. 

On a concrete note, regarding this case in particular I'd have concerns about 
chasing down bugs and corner cases which are highly dependent on specific LDAP 
setups, and especially that reproducing issues will be problematic as users 
will often not be able to share specifics about their system in a public forum. 
I'd want to think seriously about the overhead of incorporating the additional 
dependencies required by AD.

There is precedent for this kind of development, Stratio's [Lucene based index 
implementation|https://github.com/Stratio/cassandra-lucene-index] is a good 
example of a third party plugin which lives outside of the core project. 


> LDAP Authentication
> -------------------
>
>                 Key: CASSANDRA-12294
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12294
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Distributed Metadata
>            Reporter: Daniel Kleviansky
>            Assignee: Daniel Kleviansky
>            Priority: Minor
>              Labels: security
>             Fix For: 2.2.x, 3.x
>
>
> Addition of an LDAP authentication plugin, in tree, along side the default 
> authenticator, so that Cassandra can leverage existing LDAP-speaking servers 
> to manage user logins.
> DSE offers this: [Enabling LDAP authentication | 
> https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html],
>  but does not exist in vanilla C* as far as I can tell.
> Ideally would like to introduce this as part of the 2.2.x branch, as this is 
> what is currently running in client production environment, and where it is 
> needed at the moment.
> Would aim for support of at least Microsoft Active Directory running on 
> Windows Server 2012.
> Work in progress: https://github.com/lqid/cassandra — Branch 12294-22



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to