User Authentication
You can configure cluster authentication. In the Community edition, basic authentication is available, and Enterprise and Ultimate editions add support for LDAP authentication.
Basic Authentication
To start using basic authentication on the cluster, you need to enable it and create an initial administrator user. By default, the role that grants administrator permissions is called admin, but you can change it in cluster configuration.
Here is an example of configuration that initializes the cluster and enables security on it:
-
Prepare cluster configuration file with security configuration:
ignite { security { enabled:true authentication { providers=[ { name=default type=basic users=[ { displayName=administrator password="ignite" roles=[ system ] username=ignite } ] } ] } } } -
Initialize the cluster with the license and security configuration:
cluster init --name=sampleCluster --license=/license.conf --config-files=/cluster-config.conf
When cluster has been initialized, it has basic authorization configured for ignite user name and ignite password with system level access. However, by default security is disabled. To enable it:
cluster config update ignite.security.enabled=true
After authorization is enabled, you will be disconnected from the cluster and must reconnect to the cluster:
connect http://127.0.0.1:10300 --username ignite --password ignite
You can change the password for the default user by updating cluster configuration, for example:
cluster config update ignite.security.authentication.providers.default.users.ignite.password=myPass
LDAP Authentication
To start using LDAP authentication on the cluster, you need to enable LDAP security provider on the cluster. Below is the configuration in the JSON format.
{
"ignite" : {
"ldap: : {
"url" : "ldap://server:port",
"userSearch" : {
"dn" : "*******",
"scope" : <SUB_TREE|ONE_LEVEL|BASE>,
"filter" : "",
"groupAttribute" : "memberof"
},
"groupSearch" : {
"dn" : "*****",
"scope" : "<SUB_TREE|ONE_LEVEL|BASE>",
"filter" : "",
"userAttribute" : ""
},
"roleMapping" : {
"*Ldap group*" : [list of GG roles]
}
}
}
}
| Parameter | Description |
|---|---|
|
The URL of the LDAP server. |
|
Configuration of user-specific LDAP authentication. If configured, GridGain will search for specified users and then match them to required group attributes. |
|
The DN of the container to search for users. |
|
The scope of the search. Possible values: |
|
A filter used when searching for the username. Default value: (uid={0}), with the username provided when searching. |
|
An attribute checked for group membership. Ignored if |
|
If specified, users are searched only in the matching groups. |
|
The DN of the container to search. |
|
The scope of the search. Possible values: |
|
A filter used when searching for the username. If empty, all |
|
The user attribute provided as the parameter to the filter. Empty by default. |
|
Mapping of LDAP groups to GridGain roles. If not specified, the groups are mapped to roles with matching names. |
You can provide LDAP configuration in a similar way you provide basic authentication configuration.
© 2026 GridGain Systems, Inc. All Rights Reserved. Privacy Policy | Legal Notices. GridGain® is a registered trademark of GridGain Systems, Inc.
Apache, Apache Ignite, the Apache feather and the Apache Ignite logo are either registered trademarks or trademarks of The Apache Software Foundation.