Influxdata
/
docs-v2
mirror of https://github.com/influxdata/docs-v2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #6452 from influxdata/gw/ldap-no-jwt 

Remove using JWT for HTTP authentication with LDAP
pbarnett/update-env-var-for-package-manager
Jason Stirnaman 2025-10-07 17:24:28 -05:00 committed by GitHub
parent b1fd314d5a e5da3c55af
commit 02d3556c32
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/enterprise_influxdb/v1/administration/configure/security/ldap.md
View File

@ -20,8 +20,6 @@ Configure InfluxDB Enterprise to use LDAP (Lightweight Directory Access Protocol
- Synchronize InfluxDB and LDAP so each LDAP request doesn't need to be queried - Synchronize InfluxDB and LDAP so each LDAP request doesn't need to be queried
{{% note %}} {{% note %}}
LDAP **requires** JWT authentication. For more information, see [Configure authentication using JWT tokens](/enterprise_influxdb/v1/administration/configure/security/authentication/#configure-authentication-using-jwt-tokens).
To configure InfluxDB Enterprise to support LDAP, all users must be managed in the remote LDAP service. If LDAP is configured and enabled, users **must** authenticate through LDAP, including users who may have existed before enabling LDAP. To configure InfluxDB Enterprise to support LDAP, all users must be managed in the remote LDAP service. If LDAP is configured and enabled, users **must** authenticate through LDAP, including users who may have existed before enabling LDAP.
{{% /note %}} {{% /note %}}
@ -44,9 +42,7 @@ Update the following settings in each data node configuration file (`/etc/influx
1. Under `[http]`, enable HTTP authentication by setting `auth-enabled` to `true`. 1. Under `[http]`, enable HTTP authentication by setting `auth-enabled` to `true`.
(Or set the corresponding environment variable `INFLUXDB_HTTP_AUTH_ENABLED` to `true`.) (Or set the corresponding environment variable `INFLUXDB_HTTP_AUTH_ENABLED` to `true`.)
2. Configure the HTTP shared secret to validate requests using JSON web tokens (JWT) and sign each HTTP payload with the secret and username. 2. If you're enabling authentication on meta nodes, you must also include the following configurations:
Set the `[http]` configuration setting for `shared-secret`, or the corresponding environment variable `INFLUXDB_HTTP_SHARED_SECRET`.
3. If you're enabling authentication on meta nodes, you must also include the following configurations:
- `INFLUXDB_META_META_AUTH_ENABLED` environment variable, or `[http]` configuration setting `meta-auth-enabled`, is set to `true`. - `INFLUXDB_META_META_AUTH_ENABLED` environment variable, or `[http]` configuration setting `meta-auth-enabled`, is set to `true`.
This value must be the same value as the meta node's `meta.auth-enabled` configuration. This value must be the same value as the meta node's `meta.auth-enabled` configuration.
- `INFLUXDB_META_META_INTERNAL_SHARED_SECRET`, - `INFLUXDB_META_META_INTERNAL_SHARED_SECRET`,