Druid - LDAP and Active Directory (AD) Integration

Follow

Comments

4 comments

  • Tijo

    In step 1 : under "Call the following API to create role `readRole` "  there is a mistake in the rest api call . 

    Instead of this 

    curl -i -v  -H "Content-Type: application/json" -u internal -X POST -d @roleperm.json http://localhost:8081>/druid-ext/basic-security/authorization/db/ldapauth/roles/readRole 

    use this 

    curl -i -v  -H "Content-Type: application/json" -u internal -X POST  http://localhost:8081>/druid-ext/basic-security/authorization/db/ldapauth/roles/readRole 
    1
    Comment actions Permalink
  • Srinivasa Rao Suryadevara

    Good explanation about Ldap integration 

    0
    Comment actions Permalink
  • Srinivasa Rao Suryadevara

    Is there any API to revoke access similar to grant ?

    0
    Comment actions Permalink
  • Tejas

    Srinivasa Rao Suryadevara   Here are a few sample APIs to edit/remove access. Similarly, LDAP endpoints can be used.
    Delete user:

    curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authentication/db/basic/users/john

    Modify Role Permissions:

    curl -XGET -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip/permissions

    [{

    "resourceAction": {

    "resource": {

    "name": "wiki.*",

    "type": "DATASOURCE"

    },

    "action": "READ"

    },

    "resourceNamePattern": "wiki.*"

    }, {

    "resourceAction": {

    "resource": {

    "name": "wikiticker",

    "type": "DATASOURCE"

    },

    "action": "WRITE"

    },

    "resourceNamePattern": "wikiticker"

    }]

    Check the role Permissions:

    curl -XGET -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip/permissions

    [{"resourceAction":{"resource":{"name":"druid.*","type":"DATASOURCE"},"action":"READ"},"resourceNamePattern":"druid.*"},{"resourceAction":{"resource":{"name":"druidKafka.*","type":"DATASOURCE"},"action":"WRITE"},"resourceNamePattern":"druidKafka.*"}]

    Remove Role from a user:

    curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/users/john/roles/admin

    Delete Role:



    curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip
    1
    Comment actions Permalink

Please sign in to leave a comment.