[jira] [Commented] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422632#comment-15422632 ] Daniel Kleviansky commented on CASSANDRA-12294: --- Authentication is working with LDAP. Next step is to extend IRoleManager to pass role management to third party, as current iteration bypasses role management by returning built-in "cassandra" user. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. > Work in progress: https://github.com/lqid/cassandra — Branch 12294-22 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15396153#comment-15396153 ] Daniel Kleviansky commented on CASSANDRA-12294: --- I absolutely understand those concerns, especially those around sharing specifics in a public forum, however, if you consider other large scale database systems in enterprise, I believe many in production rely on third-party authentication. Introducing this feature into vanilla C* may open up more possibilities for the future of the project. Also, bear in mind that one need not necessarily need to share protected information to diagnose particular issues, and it is in fact at the companies discretion as to whether or not they choose to, based on their policies. It is also very common to have only specific LDAP systems supported (AD for example), thereby limiting the overhead of support required. In addition, these said enterprises may not feel comfortable relying on a third-party plugin which is not part of the main C* project, and may turn them off integrating applications which rely on a C* database. One may argue that they should implement DSE, but if they have not developed the software themselves, they may not have any other choice, or may not be able to for any number of reasons. Having said all this, I'd be happy to spin this off into a plugin if that's what's decided, and I feel we both genuinely appreciate just how useful it would be, but just wanted to address these points, and felt they should be at least brought to light. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. > Work in progress: https://github.com/lqid/cassandra — Branch 12294-22 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15395094#comment-15395094 ] Daniel Kleviansky commented on CASSANDRA-12294: --- Apache Directory LDAP API requires including the following jars (the API + its requirements): {quote} antlr-2.7.7.jar api-all-1.0.0-RC1.jar api-asn1-api-1.0.0-RC1.jar api-asn1-ber-1.0.0-RC1.jar api-i18n-1.0.0-RC1.jar api-ldap-client-api-1.0.0-RC1.jar api-ldap-codec-core-1.0.0-RC1.jar api-ldap-extras-aci-1.0.0-RC1.jar api-ldap-extras-codec-1.0.0-RC1.jar api-ldap-extras-codec-api-1.0.0-RC1.jar api-ldap-model-1.0.0-RC1.jar api-ldap-schema-converter-1.0.0-RC1.jar api-ldap-schema-data-1.0.0-RC1.jar api-util-1.0.0-RC1.jar commons-codec-1.10.jar commons-collections-3.2.2.jar commons-lang-2.6.jar commons-pool-1.6.jar log4j-1.2.17.jar mina-core-2.0.13.jar org.apache.servicemix.bundles.antlr-2.7.7_5.jar org.apache.servicemix.bundles.dom4j-1.6.1_5.jar org.apache.servicemix.bundles.xpp3-1.1.4c_7.jar slf4j-api-1.7.16.jar slf4j-log4j12-1.7.16.jar xml-apis-2.0.2.jar {quote} Is this going to cause any issues? > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. > Work in progress: https://github.com/lqid/cassandra — Branch 12294-22 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kleviansky updated CASSANDRA-12294: -- Description: Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. DSE offers this: [Enabling LDAP authentication | https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], but does not exist in vanilla C* as far as I can tell. Ideally would like to introduce this as part of the 2.2.x branch, as this is what is currently running in client production environment, and where it is needed at the moment. Would aim for support of at least Microsoft Active Directory running on Windows Server 2012. Work in progress: https://github.com/lqid/cassandra — Branch 12294-22 was: Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. DSE offers this: [Enabling LDAP authentication | https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], but does not exist in vanilla C* as far as I can tell. Ideally would like to introduce this as part of the 2.2.x branch, as this is what is currently running in client production environment, and where it is needed at the moment. Would aim for support of at least Microsoft Active Directory running on Windows Server 2012. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. > Work in progress: https://github.com/lqid/cassandra — Branch 12294-22 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15394638#comment-15394638 ] Daniel Kleviansky commented on CASSANDRA-12294: --- Working on it here: https://github.com/lqid/cassandra --- Branch 12294-22 Have just added the LdapAuthenticator class so far as a placeholder. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15394418#comment-15394418 ] Daniel Kleviansky edited comment on CASSANDRA-12294 at 7/26/16 7:43 PM: Have decided to use [Apache Directory|http://directory.apache.org/api/] as the LDAP API. Seems to be the most modern and easy-to-use, especially when compared to JNDI. was (Author: lqid): Have decided to use [Apache Directory|http://directory.apache.org/] as the LDAP API. Seems to be the most modern and easy-to-use, especially when compared to JNDI. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15394418#comment-15394418 ] Daniel Kleviansky commented on CASSANDRA-12294: --- Have decided to use [Apache Directory|http://directory.apache.org/] as the LDAP API. Seems to be the most modern and easy-to-use, especially when compared to JNDI. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kleviansky updated CASSANDRA-12294: -- Description: Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. DSE offers this: [Enabling LDAP authentication | https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], but does not exist in vanilla C* as far as I can tell. Ideally would like to introduce this as part of the 2.2.x branch, as this is what is currently running in client production environment, and where it is needed at the moment. Would aim for support of at least Microsoft Active Directory running on Windows Server 2012. was: Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. Ideally would like to introduce this as part of the 2.2.x branch, as this is what is currently running in client production environment, and where it is needed at the moment. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > DSE offers this: [Enabling LDAP authentication | > https://docs.datastax.com/en/datastax_enterprise/4.6/datastax_enterprise/sec/secLdapEnabling.html], > but does not exist in vanilla C* as far as I can tell. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. > Would aim for support of at least Microsoft Active Directory running on > Windows Server 2012. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kleviansky updated CASSANDRA-12294: -- Description: Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. Ideally would like to introduce this as part of the 2.2.x branch, as this is what is currently running in client production environment, and where it is needed at the moment. was:Addition of an LDAP authentication plugin, in tree, along side the default authenticator, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. > Ideally would like to introduce this as part of the 2.2.x branch, as this is > what is currently running in client production environment, and where it is > needed at the moment. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-12294) LDAP Authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-12294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kleviansky updated CASSANDRA-12294: -- Fix Version/s: (was: 4.x) 3.x 2.2.x > LDAP Authentication > --- > > Key: CASSANDRA-12294 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 > Project: Cassandra > Issue Type: New Feature > Components: Distributed Metadata >Reporter: Daniel Kleviansky >Assignee: Daniel Kleviansky >Priority: Minor > Labels: security > Fix For: 2.2.x, 3.x > > > Addition of an LDAP authentication plugin, in tree, along side the default > authenticator, so that Cassandra can leverage existing LDAP-speaking servers > to manage user logins. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CASSANDRA-12294) LDAP Authentication
Daniel Kleviansky created CASSANDRA-12294: - Summary: LDAP Authentication Key: CASSANDRA-12294 URL: https://issues.apache.org/jira/browse/CASSANDRA-12294 Project: Cassandra Issue Type: New Feature Reporter: Daniel Kleviansky Assignee: Daniel Kleviansky Priority: Minor Addition of an LDAP authentication plugin, so that Cassandra can leverage existing LDAP-speaking servers to manage user logins. -- This message was sent by Atlassian JIRA (v6.3.4#6332)