mohammadjkhan commented on issue #9304: Coordinator fails in LDAPCredentialsValidator :must specify a trustStorePath
URL: https://github.com/apache/druid/issues/9304#issuecomment-582595230

Here's an example that worked for us. trustStorePath will be different based on your env, and if your trust store is password protected then you can specify the trust store password in the trustStorePassword property.

-Ddruid.auth.authenticatorChain=[\"db\",\"ldap\"]

-Ddruid.auth.basic.ssl.trustStorePath=/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/lib/security/cacerts
-Ddruid.auth.basic.ssl.protocol=TLS

-Ddruid.auth.authenticator.db.type=basic
-Ddruid.auth.authenticator.db.skipOnFailure=true
-Ddruid.auth.authenticator.db.initialAdminPassword=password1
-Ddruid.auth.authenticator.db.initialInternalClientPassword=password2
-Ddruid.auth.authenticator.db.credentialsValidator.type=metadata
-Ddruid.auth.authenticator.db.authorizerName=db

-Ddruid.auth.authenticator.ldap.type=basic
-Ddruid.auth.authenticator.ldap.skipOnFailure=false
-Ddruid.auth.authenticator.ldap.credentialsValidator.type=ldap
-Ddruid.auth.authenticator.ldap.credentialsValidator.url="ldaps://host:port"
-Ddruid.auth.authenticator.ldap.credentialsValidator.bindUser=DHC\userId
-Ddruid.auth.authenticator.ldap.credentialsValidator.bindPassword=
-Ddruid.auth.authenticator.ldap.credentialsValidator.baseDn="DC=corp,DC=company,DC=com"
-Ddruid.auth.authenticator.ldap.credentialsValidator.userSearch="(&(sAMAccountName=%s)(objectClass=user))"
-Ddruid.auth.authenticator.ldap.credentialsValidator.userAttribute=sAMAccountName
-Ddruid.auth.authenticator.ldap.authorizerName=ldap

-Ddruid.auth.authorizers=[\"db\",\"ldap\"]
-Ddruid.auth.authorizer.db.type=basic
-Ddruid.auth.authorizer.db.roleProvider.type=metadata
-Ddruid.auth.authorizer.ldap.type=basic
-Ddruid.auth.authorizer.ldap.roleProvider.type=ldap
-Ddruid.auth.authorizer.ldap.roleProvider.groupFilters=[\"*,OU=SUB-Groupings,OU=Groupings,DC=corp,DC=company,DC=com\"]
-Ddruid.auth.authorizer.ldap.initialAdminGroupMapping="CN=adm,*"

OR... you can skip setting groupFilters and just set initialAdminGroupMapping like this instead. These options/combinations give administrators some flexibility.

-Ddruid.auth.authorizer.ldap.initialAdminGroupMapping="CN=adm,OU=SUB-Groupings,OU=Groupings,DC=corp,DC=company,DC=com"

-Ddruid.escalator.type=basic
-Ddruid.escalator.internalClientUsername=druid_system
-Ddruid.escalator.internalClientPassword=password2
-Ddruid.escalator.authorizerName=db
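An added example, not part of the original comment or of Druid's code: a Python check over `-D` flags like those in the comment that reports the condition in the issue title (an `ldaps://` validator URL with no `druid.auth.basic.ssl.trustStorePath`) and cross-checks the authenticator, authorizer and escalator entries. The function names and the sample flag subset are constructed for illustration; the escalator check assumes, as in the comment, that the escalator password equals an authenticator's `initialInternalClientPassword`.

```python
import json
import shlex

A = "druid.auth.authenticator."
TRUST = "druid.auth.basic.ssl.trustStorePath"

# Constructed sample: a subset of the comment's flags with trustStorePath left out.
SAMPLE = r'''
-Ddruid.auth.authenticatorChain=[\"db\",\"ldap\"]
-Ddruid.auth.authenticator.db.type=basic
-Ddruid.auth.authenticator.db.initialInternalClientPassword=password2
-Ddruid.auth.authenticator.db.authorizerName=db
-Ddruid.auth.authenticator.ldap.type=basic
-Ddruid.auth.authenticator.ldap.credentialsValidator.url="ldaps://host:port"
-Ddruid.auth.authenticator.ldap.authorizerName=ldap
-Ddruid.auth.authorizers=[\"db\",\"ldap\"]
-Ddruid.escalator.internalClientPassword=password2
'''

def parse_flags(text):
    """Split shell-style -Dkey=value flags into a dict (hypothetical helper)."""
    props = {}
    for tok in shlex.split(text):  # undoes the \" escaping and the quotes
        if tok.startswith("-D") and "=" in tok:
            key, _, val = tok[2:].partition("=")
            props[key] = val
    return props

def check(props):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    chain = json.loads(props.get("druid.auth.authenticatorChain", "[]"))
    authorizers = json.loads(props.get("druid.auth.authorizers", "[]"))
    for name in chain:
        if A + name + ".type" not in props:
            findings.append(f"{name}: in authenticatorChain but has no type")
        authz = props.get(A + name + ".authorizerName")
        if authz not in authorizers:
            findings.append(f"{name}: authorizerName {authz!r} is not an authorizer")
        url = props.get(A + name + ".credentialsValidator.url", "")
        if url.startswith("ldaps://") and not props.get(TRUST):
            findings.append(f"{name}: ldaps URL but {TRUST} is unset")
    # Assumption taken from the comment: escalator password == internal client password.
    internal = {props.get(A + n + ".initialInternalClientPassword") for n in chain}
    esc = props.get("druid.escalator.internalClientPassword")
    if esc is not None and esc not in internal:
        findings.append("escalator: password matches no initialInternalClientPassword")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_flags(SAMPLE))) or "ok")
```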
