Context
The following sample stanza can be used to configure an LDAP server in aerospike.conf.
Method
Modify the aerospike.conf configuration file by adding a security stanza and enabling LDAP. Remember to include query-user-dn (the DN of a privileged LDAP user with permission to query LDAP) and query-user-password-file (a file containing that user's clear-text password).
See the sample configuration below for a TLS-enabled LDAP server over port 389:
security {
    enable-security true
    enable-ldap true
    ldap {
        query-base-dn dc=field,dc=aerospike,dc=com
        query-user-dn cn=admin,dc=field,dc=aerospike,dc=com
        query-user-password-file /etc/aerospike/passwordldap.txt
        server ldap://127.0.0.1:389
        disable-tls false
        tls-ca-file /etc/openldap/certs/myldap.field.aerospike.com.cert
        user-dn-pattern uid=${un},ou=People,dc=field,dc=aerospike,dc=com
        role-query-search-ou false
        role-query-pattern (&(objectClass=posixGroup)(memberUid=${un}))
        polling-period 10
    }
    log {
        report-violation true
    }
}
In the above sample, the Aerospike server contacts the LDAP server over TLS and authenticates as the user specified in query-user-dn.
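The following check is an added example, not part of the original article or of Aerospike's own tooling: it parses a security stanza like the one above and flags LDAP settings that weaken it. The WEAK sample (the stanza with TLS switched off) and the permission rule (no group or other access to the password file) are assumptions made for this example.

```python
import os
import stat

# Constructed sample: the page's stanza with TLS switched off (the weak variant).
WEAK = """
security {
    enable-security true
    enable-ldap true
    ldap {
        query-user-dn cn=admin,dc=field,dc=aerospike,dc=com
        query-user-password-file /etc/aerospike/passwordldap.txt
        server ldap://127.0.0.1:389
        disable-tls true
    }
}
"""

def parse_conf(text):
    """Parse 'name {', 'key value' and '}' lines into nested dicts."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            # Open a nested context such as 'security {' or 'ldap {'.
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def audit_ldap(conf, check_files=True):
    """Return findings (strings) for the security/ldap stanza; empty means clean."""
    ldap = conf.get("security", {}).get("ldap", {})
    findings = []
    if ldap.get("disable-tls", "false") == "true":
        findings.append("disable-tls is true: LDAP binds are sent in clear text")
    elif not ldap.get("tls-ca-file"):
        findings.append("tls-ca-file is not set for the LDAP TLS connection")
    pw_file = ldap.get("query-user-password-file")
    if ldap.get("query-user-dn") and not pw_file:
        findings.append("query-user-dn is set without query-user-password-file")
    if pw_file and check_files:
        # The file holds a clear-text password, so only its owner should read it.
        if not os.path.isfile(pw_file):
            findings.append(f"{pw_file}: password file not found")
        elif stat.S_IMODE(os.stat(pw_file).st_mode) & 0o077:
            findings.append(f"{pw_file}: readable by group or others")
    return findings
```

Pass the contents of aerospike.conf to parse_conf and the result to audit_ldap; an empty list means none of these checks fired.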
More details on the Aerospike LDAP configuration can be found here:
https://www.aerospike.com/docs/operations/configure/security/ldap/