Closed sundeeptj closed 3 years ago
Hi @sundeeptj ,
firstly, "unable to find authenticator class CassandraAuthorizer" does not make sense - CassandraAuthorizer is NOT "authenticator" so I am wondering where you got that message from.
Secondly, 'CassandraAuthorizer' is part of Cassandra installation. This LDAP plugin has nothing to do with that.
All classes are implemented in package org.apache.cassandra.auth
so you do not need to specify package name. Your configuration should look like
authenticator: Cassandra22LDAPAuthenticator
authorizer: CassandraAuthorizer
role_manager: LDAPCassandraRoleManager
Hi @smiklosovic
Thanks for the update inside the configuration file i have given the spelling as authorizer: CasssandraAuthorizer So the server was looking for the org.apache.cassandra.auth.CasssandraAuthorizer and not for the org.apache.cassandra.auth.CassandraAuthorizer
My Apologies for making the mistake
Currently after all the changes on the config files i am able to start the Cassandra service
But in my ldap.config file i have given service_dn=username1 (active directory user) ldap_naming_attribute=CN=XXXXX
When i am trying to connect to the CQLSH
./cqlsh 12.22.99.11 -u username2 -p password2
ERROR Message :-
connection error:{'Unable to connect to any servers',{ '12.22.99.11' : AuthenticationFailed('Failed to authenticate to 12.22.99.11: Error from server: Code=0100 [Bad credentials] message="Could not authenticate to directory server using naming attribute CN=XXXXX and username username2. User likely does not exists or connection to LDAP server is invalid."',)})
So the above error means the user does not exists or there is no connected between the server and the LDAP AD ?.
Hi @sundeeptj ,
As far as I can see, you are trying to log in via "username2".
If username2
does not exist in Cassandra database, based on your username1
admin user, it will try to reach to LDAP and check if there is username2
. This seems like username2
does not exist in Cassandra nor in LDAP.
Please check the logs of Cassandra node as well to see errors / stacktraces.
Hi @smiklosovic Finally I was able to configure the CASSANDRA LDAP Authentication by commenting the below lines in the config ldap.properties file
As per your documentation you have said to give the default values as cn= but the default value should be there as cn or this property should have been commented in the ldap.properties file either one of them will work
@sundeeptj great! I am glad it works, I will reflect your suggestion into docs.
Will there be any issue if i do comment the below lines in the ldap.properties file.
auth_cache_enabled auth_bcrypt_gensalt_log2_rounds
Thanks & Regards Sundeep T J
No. You might just ignore them.
Please answer these questions before submitting your issue. Thanks!
What version of Cassandra are you using? - 2.2
What version of Cassandra LDAP are you using? cassandra-ldap-2.2-1.0.0
What LDAP server you are using? Any specifics? - No
What did you do?
Placed the jar(cassandra-ldap-2.2-1.0.0) in the /lib path which resolved the issue unable to find authenticator class org.apache.cassandra.auth.Cassandra22LDAPAuthenticator
Current issue that i am facing is "unable to find authenticator class CassandraAuthorizer"
Tried with this resolution by placing of the jar cassandra-all-2.2.14.jar inside the /lib
Still the error exists.
What did you expect to see?
Normal start of the Cassandra server
What did you see instead?
unable to find authenticator class CassandraAuthorizer
If you are having connectivity related issues please share the following additional information
Describe your Cassandra cluster
please provide the following information
nodetool status
node tool is not thereSELECT peer, rpc_address FROM system.peers
both the columns are emptydescribe keyspace system_auth
having with simple strategy class and replication factor is 1