instaclustr / cassandra-ldap

LDAP Authenticator for Apache Cassandra
Apache License 2.0

unable to find authenticator class CassandraAuthorizer #16

Closed sundeeptj closed 3 years ago

sundeeptj commented 3 years ago

Please answer these questions before submitting your issue. Thanks!

What version of Cassandra are you using? - 2.2

What version of Cassandra LDAP are you using? cassandra-ldap-2.2-1.0.0

What LDAP server you are using? Any specifics? - No

What did you do?

Placed the jar (cassandra-ldap-2.2-1.0.0) in the /lib path, which resolved the issue "unable to find authenticator class org.apache.cassandra.auth.Cassandra22LDAPAuthenticator".

The current issue that I am facing is "unable to find authenticator class CassandraAuthorizer".

Tried to resolve this by placing the jar cassandra-all-2.2.14.jar inside /lib.

Still the error exists.

What did you expect to see?

Normal start of the Cassandra server

What did you see instead?

unable to find authenticator class CassandraAuthorizer

If you are having connectivity related issues please share the following additional information

Describe your Cassandra cluster

please provide the following information

smiklosovic commented 3 years ago

Hi @sundeeptj ,

Firstly, "unable to find authenticator class CassandraAuthorizer" does not make sense - CassandraAuthorizer is NOT an "authenticator", so I am wondering where you got that message from.

Secondly, 'CassandraAuthorizer' is part of Cassandra installation. This LDAP plugin has nothing to do with that.

All classes are implemented in package org.apache.cassandra.auth so you do not need to specify package name. Your configuration should look like

authenticator: Cassandra22LDAPAuthenticator
authorizer: CassandraAuthorizer
role_manager: LDAPCassandraRoleManager

sundeeptj commented 3 years ago

Hi @smiklosovic

Thanks for the update. Inside the configuration file I had given the spelling as authorizer: CasssandraAuthorizer, so the server was looking for org.apache.cassandra.auth.CasssandraAuthorizer and not for org.apache.cassandra.auth.CassandraAuthorizer.

My apologies for making the mistake.

sundeeptj commented 3 years ago

Currently, after all the changes to the config files, I am able to start the Cassandra service.

But in my ldap.config file I have given service_dn=username1 (Active Directory user) and ldap_naming_attribute=CN=XXXXX

When I try to connect with cqlsh:

./cqlsh 12.22.99.11 -u username2 -p password2

Error message:

connection error:{'Unable to connect to any servers',{ '12.22.99.11' : AuthenticationFailed('Failed to authenticate to 12.22.99.11: Error from server: Code=0100 [Bad credentials] message="Could not authenticate to directory server using naming attribute CN=XXXXX and username username2. User likely does not exists or connection to LDAP server is invalid."',)})

So does the above error mean the user does not exist, or that there is no connection between the server and the LDAP AD?

smiklosovic commented 3 years ago

Hi @sundeeptj ,

As far as I can see, you are trying to log in via "username2".

If username2 does not exist in the Cassandra database, based on your username1 admin user, it will try to reach out to LDAP and check if there is a username2. It seems like username2 exists neither in Cassandra nor in LDAP.

Please check the logs of the Cassandra node as well to see errors / stacktraces.

sundeeptj commented 3 years ago

Hi @smiklosovic, finally I was able to configure the Cassandra LDAP authentication by commenting out the line below in the ldap.properties config file:

ldap_naming_attribute=cn=

As per your documentation, you have said to give the default value as cn=, but the default value should be cn, or this property should have been commented out in the ldap.properties file. Either one of them will work.

smiklosovic commented 3 years ago

@sundeeptj great! I am glad it works, I will reflect your suggestion into docs.

sundeeptj commented 3 years ago

Will there be any issue if I comment out the lines below in the ldap.properties file?

auth_cache_enabled
auth_bcrypt_gensalt_log2_rounds

Thanks & Regards Sundeep T J

smiklosovic commented 3 years ago

No. You might just ignore them.
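
The two misconfigurations found in this thread (the misspelled authorizer class in cassandra.yaml, and `ldap_naming_attribute` set to `cn=` instead of a bare `cn`) can be caught before the node starts. The following is an added example, not part of the thread or of the cassandra-ldap project; the allow-list of class names, the function names and the sample inputs are assumptions of the example.

```python
import difflib

# Allow-list: the three classes from the thread's cassandra.yaml plus Cassandra's
# stock implementations (an assumption of this example; extend as needed).
KNOWN = {
    "authenticator": ["Cassandra22LDAPAuthenticator", "PasswordAuthenticator",
                      "AllowAllAuthenticator"],
    "authorizer": ["CassandraAuthorizer", "AllowAllAuthorizer"],
    "role_manager": ["LDAPCassandraRoleManager", "CassandraRoleManager"],
}
AUTH_PACKAGE = "org.apache.cassandra.auth."
# Constructed samples reproducing the two mistakes reported in the thread.
SAMPLE_YAML = "authenticator: Cassandra22LDAPAuthenticator\nauthorizer: CasssandraAuthorizer\n"
SAMPLE_PROPS = "service_dn=username1\nldap_naming_attribute=cn=\n"


def parse_flat(text, sep):
    """Parse top-level 'key<sep>value' lines, skipping comments and blanks."""
    pairs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line or line[0].isspace() or sep not in line:
            continue
        key, value = line.split(sep, 1)
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def lint_cassandra_yaml(text):
    """Flag auth class names that are not on the allow-list, with a suggestion."""
    findings = []
    conf = parse_flat(text, ":")
    for key, known in KNOWN.items():
        value = conf.get(key, "")
        short = value[len(AUTH_PACKAGE):] if value.startswith(AUTH_PACKAGE) else value
        if value and short not in known:
            guess = difflib.get_close_matches(short, known, n=1)
            hint = f"; did you mean {guess[0]}?" if guess else ""
            findings.append(f"{key}: unknown class {value}{hint}")
    return findings


def lint_ldap_properties(text):
    """Flag ldap_naming_attribute values that carry '=' (e.g. 'cn=' or 'CN=name')."""
    naming = parse_flat(text, "=").get("ldap_naming_attribute")
    if naming is not None and "=" in naming:
        return [f"ldap_naming_attribute: expected bare attribute name, got {naming!r}"]
    return []
```
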