How does Presto Work With LDAP?

What is LDAP?

To understand how Presto works with LDAP, let’s first cover what LDAP is. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol used for directory services authentication. In LDAP user authentication, the LDAP server authenticates users so that they can communicate directly with the Presto server.

Presto & LDAP

Presto can be configured to enable LDAP authentication over HTTPS for clients, such as the Presto CLI, or the JDBC and ODBC drivers. At present, only a simple LDAP authentication mechanism involving a username and password is supported. The Presto client sends a username and password to the coordinator, and the coordinator validates these credentials using an external LDAP service.

To enable LDAP authentication for Presto, the Presto coordinator configuration file needs to be updated with LDAP-related configurations. No changes are required to the worker configuration; only the communication from the clients to the coordinator is authenticated. However, if you want to secure the communication between Presto nodes, you should configure Secure Internal Communication with SSL/TLS.

Summary of Steps to Configure LDAP Authentication with Presto:

Step 1: Gather configuration details about your LDAP server

Presto requires Secure LDAP (LDAPS), so make sure you have TLS enabled on your LDAP server as well.

Step 2: Configure SSL/TLS on Presto Coordinator

Access to the Presto coordinator must be through HTTPS when using LDAP authentication.

Step 3: Configure Presto Coordinator with config.properties for LDAP

Step 4: Create a Password Authenticator Configuration (etc/password-authenticator.properties) file on the coordinator

Step 5: Configure Client / Presto CLI with either a Java Keystore file or Java Truststore for its TLS configuration.

Step 6: Restart your Presto cluster and invoke the LDAP-enabled CLI with either the --keystore-* or --truststore-* properties, or both, to secure the TLS connection.
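
The coordinator-side requirements from steps 1 to 4 can be checked before the restart in step 6. The script below is an added example, not part of the original article or Presto's own tooling: it lints a coordinator etc/ directory for HTTPS, password authentication and an ldaps:// URL. Property names follow the Presto LDAP documentation referenced on this page; the function names, hostnames, paths and passwords are constructed for illustration.

```shell
# Added example, not Presto project code: lint a coordinator etc/ directory
# for the LDAP prerequisites above. Sample hosts, paths, passwords are constructed.

# Print the value of property $2 from file $1 (the last assignment wins).
prop() {
    [ -f "$1" ] || return 0
    awk -v k="$2" '
        { i = index($0, "="); key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key) }
        i > 0 && key == k { v = substr($0, i + 1) }
        END { sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v); print v }' "$1"
}

# Return 0 only if every prerequisite holds; print one line per failure.
check_presto_ldap() {
    cfg="$1/config.properties"; pw="$1/password-authenticator.properties"; rc=0
    [ "$(prop "$cfg" http-server.https.enabled)" = "true" ] ||
        { echo "FAIL: coordinator HTTPS is not enabled"; rc=1; }
    case "$(prop "$cfg" http-server.authentication.type)" in
        *PASSWORD*) ;;
        *) echo "FAIL: http-server.authentication.type lacks PASSWORD"; rc=1 ;;
    esac
    [ "$(prop "$pw" password-authenticator.name)" = "ldap" ] ||
        { echo "FAIL: password-authenticator.name is not ldap"; rc=1; }
    case "$(prop "$pw" ldap.url)" in
        ldaps://?*) ;;
        *) echo "FAIL: ldap.url is not an ldaps:// URL"; rc=1 ;;
    esac
    return "$rc"
}

# Write a constructed sample etc/ directory into $1 with LDAP URL $2.
write_sample_etc() {
    cat > "$1/config.properties" <<EOF
http-server.authentication.type=PASSWORD
http-server.https.enabled=true
http-server.https.keystore.path=/etc/presto/keystore.jks
http-server.https.keystore.key=CHANGE_ME
EOF
    cat > "$1/password-authenticator.properties" <<EOF
password-authenticator.name=ldap
ldap.url=$2
ldap.user-bind-pattern=uid=\${USER},ou=people,dc=example,dc=com
EOF
}

demo=$(mktemp -d)
write_sample_etc "$demo" "ldaps://ldap.example.com:636"
check_presto_ldap "$demo" && echo "OK: LDAP prerequisites met"
rm -rf "$demo"
```

Point `check_presto_ldap` at the real coordinator etc/ directory to run the same checks against a live configuration.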

Reference: https://prestodb.io/docs/current/security/ldap.html

If you want to get started with Presto easily, check out Ahana Cloud. It’s SaaS for Presto and takes away all the complexities of tuning, management and more. Check out our presentation with AWS on how to get started in 30 minutes with Presto in the cloud.