This is part of the User Guide for kafka-ldap-integration
Download Kafka from the Apache Kafka Downloads page. There are multiple versions of Kafka available. You should download the version that matches the and scala_version properties in build.gradle.
Extract the downloaded archive into a directory of your choice. For the remainder of this example, the directory containing the Kafka distribution will be referred to as $KAFKA_HOME. It's a good idea to set this as an environment variable.
From a terminal window or command prompt, run the following commands:
# Clone the repository locally
git clone git@github.com:instaclustr/kafka-ldap-integration.git
# Change into the directory
cd kafka-ldap-integration
# Build the jar
./gradlew build shadowJar
# Copy the jar into the Kafka distribution libs folder
cp build/libs/*.jar $KAFKA_HOME/libs
Open $KAFKA_HOME/config/ in your favourite editor, and add the following lines to the bottom:
# Configure inter-broker communication to use plaintext (Use SSL/TLS in Prod!)
# Configure brokers to exchange plain text username/password.
# Configure the JAAS context for plain.\ required \
username="srvkafkabroker" \
# Configure the authentication to use LDAP (verify that client is actually who they say they are)\
# Configure the authorization to use LDAP (verify that client is allowed to perform a specific
# action)
# Configure super users
There needs to be a separate file containing the connection and configuration information for the LDAP authentication and authorization. This file must be available in the root of the classpath and called ldapconfig.yaml.
Open $KAFKA_HOME/config/ldapconfig.yaml in your editor, and copy in the following:
# Host of the LDAP server
host: localhost
# Port of the LDAP server
port: 10636
# Connection timeout in milliseconds for LDAP
connTimeout: 10000
# Placement of admin user in LDAP tree
adminBaseDN: ou=users,dc=security,dc=example,dc=com
# Admin user attribute for DN completion
adminUid: uid
# Placement of users in LDAP tree
usrBaseDN: ou=users,dc=security,dc=example,dc=com
# User attribute for DN completion
usrUid: uid
# Placement of groups in LDAP tree
grpBaseDN: ou=groups,dc=security,dc=example,dc=com
# Group attribute for DN completion
grpUid: cn
# Group membership attribute name
grpAttrName: uniqueMember
# Lifetime of user entry in cache after cache-write - IN MINUTES
usrCacheExpire: 6
# Lifetime of group entry in cache after cache-write - IN MINUTES
grpCacheExpire: 6
export CLASSPATH="$CLASSPATH:/path_to_kafka//config"
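A pre-flight check for the two steps above (the contents of ldapconfig.yaml and its directory being on CLASSPATH), added here as an example and not part of kafka-ldap-integration. The function names and the script name are assumptions; the key names are the ones in the sample file.

```shell
#!/bin/sh
# Added example, not project code. Key names come from the sample
# ldapconfig.yaml above; the function names are illustrative.
REQUIRED_KEYS="host port connTimeout adminBaseDN adminUid usrBaseDN usrUid
grpBaseDN grpUid grpAttrName usrCacheExpire grpCacheExpire"
NUMERIC_KEYS="port connTimeout usrCacheExpire grpCacheExpire"

# Print the value of a flat "key: value" line; prints nothing if absent/empty.
ldapcfg_get() {
    sed -n "s/^$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Return 0 when every required key has a value and the numeric keys are
# integers; otherwise report each problem on stderr and return 1.
ldapcfg_check() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    for key in $REQUIRED_KEYS; do
        [ -n "$(ldapcfg_get "$file" "$key")" ] || { echo "missing: $key" >&2; rc=1; }
    done
    for key in $NUMERIC_KEYS; do
        case "$(ldapcfg_get "$file" "$key")" in
            *[!0-9]*) echo "not an integer: $key" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Return 0 when the directory holding the file is an entry on CLASSPATH.
# Doubled slashes in CLASSPATH entries are squeezed before comparing.
ldapcfg_on_classpath() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    cp=$(printf '%s' ":${CLASSPATH:-}:" | tr -s '/')
    case "$cp" in
        *":$dir:"*|*":$dir/:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh ldap-preflight.sh "$KAFKA_HOME/config/ldapconfig.yaml"
if [ "$#" -gt 0 ]; then
    ldapcfg_check "$1" || exit 1
    ldapcfg_on_classpath "$1" || { echo "$(dirname "$1") is not on CLASSPATH" >&2; exit 1; }
    echo "$1: OK"
fi
```

Run it in the same shell session that will start the broker, after the export, so that it sees the CLASSPATH the broker will inherit.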
With the above configuration, you won't be able to start the broker until the LDAP Directory Server is up and running, with the correct configuration. Instructions on how to do this can be found here: