Context
All our Aerospike clients require an authentication mode to be set when connecting with LDAP credentials. In aql, the mode is set with the --auth option, which takes effect when a user and password are supplied.
Modes are:
- INTERNAL
- EXTERNAL
- EXTERNAL_INSECURE
The default is INTERNAL. The mode must be set to EXTERNAL or EXTERNAL_INSECURE when using LDAP. If TLS is not configured on the Aerospike server, you can use EXTERNAL_INSECURE mode (not recommended, of course).
Method
1) EXTERNAL with no TLS configured gives an error:
aql --auth EXTERNAL -Uaerospike -P aerospike
Seed: 127.0.0.1
User: aerospike
Config File: /etc/aerospike/astools.conf /root/.aerospike/astools.conf
Error -1: TLS is required for external authentication
2) EXTERNAL_INSECURE mode should succeed in the above case:
aql --auth EXTERNAL_INSECURE -Uaerospike -P aerospike
Seed: 127.0.0.1
User: aerospike
Config File: /etc/aerospike/astools.conf /root/.aerospike/astools.conf
Aerospike Query Client
Version 3.23.0
C Client Version 4.6.9
Copyright 2012-2019 Aerospike. All rights reserved.
aql>
3) If TLS is enabled on the server, the EXTERNAL authentication mode should succeed:
aql --auth EXTERNAL -Ubadwan -P aerospike --tls-enable --tls-cafile /root/certs/ca.crt -p 4333 -h 127.0.0.1:server:4333
Seed: 127.0.0.1:server:4333
User: aerospike
Config File: /etc/aerospike/astools.conf /root/.aerospike/astools.conf
Aerospike Query Client
Version 3.23.0
C Client Version 4.6.9
Copyright 2012-2019 Aerospike. All rights reserved.
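Added example (not part of the original article and not Aerospike code): a bash pre-flight check that classifies an aql command line into the three cases above before a script runs it. The function names and verdict strings are hypothetical, and only the upper-case mode names and the --auth and --tls-enable flags shown on this page are recognised.

```bash
# Added example: classify the auth posture of an aql command line.
# Only flags shown on this page (--auth, --tls-enable) are inspected; values
# coming from astools.conf are not visible here. Verdict names are hypothetical.

# aql_auth_verdict ARGS... prints one verdict:
#   ok-internal | ok-external-tls | fail-external-no-tls |
#   insecure-external | unknown-mode
aql_auth_verdict() {
    local mode="INTERNAL" tls=0          # INTERNAL is the default mode
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --auth)       mode="${2:-}"; [ "$#" -gt 1 ] && shift ;;
            --auth=*)     mode="${1#--auth=}" ;;
            --tls-enable) tls=1 ;;
        esac
        shift
    done
    case "$mode" in
        INTERNAL)          echo "ok-internal" ;;
        EXTERNAL)          if [ "$tls" -eq 1 ]; then echo "ok-external-tls"
                           else echo "fail-external-no-tls"; fi ;;
        EXTERNAL_INSECURE) echo "insecure-external" ;;
        *)                 echo "unknown-mode" ;;
    esac
}

# aql_guard ARGS... returns 0 only for command lines that are acceptable
# for unattended use; the reason for a refusal goes to stderr.
aql_guard() {
    local verdict
    verdict="$(aql_auth_verdict "$@")"
    case "$verdict" in
        ok-*) return 0 ;;
        fail-external-no-tls)
            echo "refusing: EXTERNAL without --tls-enable (aql reports 'TLS is required for external authentication')" >&2 ;;
        insecure-external)
            echo "refusing: EXTERNAL_INSECURE is the non-TLS mode and is not recommended" >&2 ;;
        *)  echo "refusing: unrecognised --auth value" >&2 ;;
    esac
    return 1
}

# The three command lines from the Method section (arguments after "aql").
aql_auth_verdict --auth EXTERNAL -Uaerospike -P aerospike
aql_auth_verdict --auth EXTERNAL_INSECURE -Uaerospike -P aerospike
aql_auth_verdict --auth EXTERNAL -Ubadwan -P aerospike --tls-enable --tls-cafile /root/certs/ca.crt -p 4333 -h 127.0.0.1:server:4333
```

In a wrapper script, call aql_guard "$@" before invoking aql with the same arguments, so a command line that relies on EXTERNAL_INSECURE is rejected before it runs.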