LDAP authentication for Couchbase administrators involves setting up LDAP administrators on the LDAP server, mapping their user IDs using the Couchbase Web Console and configuring the
|Remote authentication with LDAP is available in the Enterprise Edition of the Couchbase Server only for the Linux platform. It is not available for Windows or Mac OS.|
|Mixed version cluster deployments do not support LDAP authentication: upgrade all nodes to the latest Couchbase Server release to use LDAP authentication.|
Couchbase Server is using LDAP authentication for external identity management, which is achieved with the following:
- Centralized identity management
Defines multiple read-only administrators and full-administrators.
Allows for centralized security policy management of the administrative accounts for stronger passwords, password rotation, and auto lockouts.
- Individual accountability and simplified compliance
Defines UIDs in LDAP and maps UIDs to read-only or full administrative role in Couchbase.
Allows for comprehensive audit trails with LDAP UIDs in audit records.
There are two types of LDAP administrators: full administrators and read-only administrators. Both types of LDAP administrators can be enabled or disabled in the UI at any time. LDAP administrators are configured only when the option to enable LDAP is selected.
- LDAP server software
The LDAP server software is downloaded and installed separately on the LDAP server. This document only explains how it is configured to work with Couchbase Server.
Perform these tasks on the LDAP server:
Set up user passwords.
These tasks are performed using the Couchbase Web Console:
Mapping users in LDAP to full administrators or read-only administrators in Couchbase.
Validating LDAP credentials.
saslauthdprocess handles authentication requests on behalf of Couchbase Server.
To use LDAP authentication, you need to configure
saslauthdproperly using the steps explained in Setting up
Couchbase Server works with the OpenLDAP software, which can be downloaded from the openldap.org website.
The Lightweight Directory Access Protocol (LDAP) is a public standard that facilitates distributed directories (such as network user privilege information) over the Internet Protocol (IP).
Couchbase connects to LDAP through the
Refer to the next section on how to configure the
saslauthd library for LDAP.