[
https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15396153#comment-15396153
]
Daniel Kleviansky commented on CASSANDRA-12294:
-----------------------------------------------
I absolutely understand those concerns, especially those around sharing
specifics in a public forum, however, if you consider other large scale
database systems in enterprise, I believe many in production rely on
third-party authentication. Introducing this feature into vanilla C* may open
up more possibilities for the future of the project.
Also, bear in mind that one need not necessarily need to share protected
information to diagnose particular issues, and it is in fact at the companies
discretion as to whether or not they choose to, based on their policies. It is
also very common to have only specific LDAP systems supported (AD for example),
thereby limiting the overhead of support required.
In addition, these said enterprises may not feel comfortable relying on a
third-party plugin which is not part of the main C* project, and may turn them
off integrating applications which rely on a C* database. One may argue that
they should implement DSE, but if they have not developed the software
themselves, they may not have any other choice, or may not be able to for any
number of reasons.
Having said all this, I'd be happy to spin this off into a plugin if that's
what's decided, and I feel we both genuinely appreciate just how useful it
would be, but just wanted to address these points, and felt they should be at
least brought to light.
> LDAP Authentication
> -------------------
>
> Key: CASSANDRA-12294
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12294
> Project: Cassandra
> Issue Type: New Feature
> Components: Distributed Metadata
> Reporter: Daniel Kleviansky
> Assignee: Daniel Kleviansky
> Priority: Minor
> Labels: security
> Fix For: 2.2.x, 3.x
>
>
> Addition of an LDAP authentication plugin, in tree, along side the default
> authenticator, so that Cassandra can leverage existing LDAP-speaking servers
> to manage user logins.
> DSE offers this: [Enabling LDAP authentication |
> https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html],
> but does not exist in vanilla C* as far as I can tell.
> Ideally would like to introduce this as part of the 2.2.x branch, as this is
> what is currently running in client production environment, and where it is
> needed at the moment.
> Would aim for support of at least Microsoft Active Directory running on
> Windows Server 2012.
> Work in progress: https://github.com/lqid/cassandra — Branch 12294-22
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
