Druid - LDAP and Active Directory (AD) Integration Tijo January 25, 2023 17:11 Updated Follow Please see current docs at: https://druid.apache.org/docs/latest/operations/auth-ldap.html Related articles How to Enable Basic Auth in Druid How to Implement Role Level Connection Auth in Pivot and Druid Druid indexed tables (alpha) How to properly shutdown an on-premise Imply Druid Cluster Historical will not start due to OOM and failed to map errors though there is enough heap available and ulimit is set very high Comments 4 comments Sort by Date Votes Tijo May 03, 2020 07:20 In step 1 : under "Call the following API to create role `readRole` " there is a mistake in the rest api call . Instead of this curl -i -v -H "Content-Type: application/json" -u internal -X POST -d @roleperm.json http://localhost:8081>/druid-ext/basic-security/authorization/db/ldapauth/roles/readRole use this curl -i -v -H "Content-Type: application/json" -u internal -X POST http://localhost:8081>/druid-ext/basic-security/authorization/db/ldapauth/roles/readRole 0 Comment actions Permalink Srinivasa Rao Suryadevara September 30, 2022 03:58 Good explanation about Ldap integration 0 Comment actions Permalink Srinivasa Rao Suryadevara September 30, 2022 04:00 Is there any API to revoke access similar to grant ? 0 Comment actions Permalink Tejas November 07, 2022 05:51 Edited Srinivasa Rao Suryadevara Here are a few sample APIs to edit/remove access. Similarly, LDAP endpoints can be used.Delete user: curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authentication/db/basic/users/john Modify Role Permissions: curl -XGET -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip/permissions[{"resourceAction": {"resource": {"name": "wiki.*","type": "DATASOURCE"},"action": "READ"},"resourceNamePattern": "wiki.*"}, {"resourceAction": {"resource": {"name": "wikiticker","type": "DATASOURCE"},"action": "WRITE"},"resourceNamePattern": "wikiticker"}] Check the role Permissions: curl -XGET -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip/permissions[{"resourceAction":{"resource":{"name":"druid.*","type":"DATASOURCE"},"action":"READ"},"resourceNamePattern":"druid.*"},{"resourceAction":{"resource":{"name":"druidKafka.*","type":"DATASOURCE"},"action":"WRITE"},"resourceNamePattern":"druidKafka.*"}] Remove Role from a user: curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/users/john/roles/admin Delete Role: curl -XDELETE -H'Content-Type: application/json' -uadmin:Pass_From_APISection -k https://localhost:8281/druid-ext/basic-security/authorization/db/basic/roles/dataGrip 0 Comment actions Permalink Please sign in to leave a comment.
Comments
4 comments
In step 1 : under "Call the following API to create role `readRole` " there is a mistake in the rest api call .
Instead of this
use this
Good explanation about Ldap integration
Is there any API to revoke access similar to grant ?
Srinivasa Rao Suryadevara Here are a few sample APIs to edit/remove access. Similarly, LDAP endpoints can be used.
Delete user:
Modify Role Permissions:
Check the role Permissions:
Remove Role from a user:
Delete Role:
Please sign in to leave a comment.