Enhancing Kafka 3.x with
- customized SimpleLDAPAuthentication using LDAPS simple bind for authentication
- In release 1.1.0 we have had support for authorization which is compatible to Kafka 2.8.1
- The authorization feature was removed due to incompatibilites with latest Kafka versions (3.0 onwards) starting with release 2.0.0.
Thus, moving authentication from user and passwords in JAAS context file on kafka brokers to LDAP server
Binding and group membership information is cached (limited lifetime after write), giving minor performance penalty and reduced LDAPS traffic.
- Kotlin
- Gradle build tool
- Spek test framework
- Unboundid LDAP SDK for LDAPS interaction
- Caffeine Cache
- YAML Configuration for LDAP baseDN for users, groups and more. See
src/test/resources/ldapconfig.yaml
for details
N.B. that the directory hosting yaml configuration file must be in CLASSPATH.
A tutorial with configuration examples is available in the User Guide.
./gradlew clean build shadowJar
./gradlew clean build shadowJar -x test
The result is build/libs/kafka-ldap-integration-<version>.jar
, which contains the authentication classes, along with all of their dependencies.
N.B. This jar must be added to the classpath for the Kafka broker. The easist way to do that is to copy the jar into the directory $KAFKA_HOME/libs
.
Maintainers of the GitHub project kafka-ldap-integration:
- Joe Schmetzer,
joe.schmetzer@instaclustr.com
- Zeke Dean,
zeke.dean@instaclustr.com
Maintainers of the GitHub project kafka-plain-saslserver-2-ad:
- Torstein Nesby,
torstein.nesby@nav.no
- Trong Huu Nguyen,
trong.huu.nguyen@nav.no