Hyland Connect

Eric_Ace · ‎03-27-2019

Folks - regarding kafka-config.xml.nxftl: Presently, SASL is only enabled if SSL is enabled. (The sasl if directive is enclosed in the ssl if directive.) In a local server testing environment, it might be beneficial to configure Kafka for SASL PLAINTEXT (or SCRAM_SHA_nnn) -- to simplify the configuration for development and testing. (In fact, that's what I had tried.) But as kafka-config.xml.nxftl is presently structured, this isn't possible without supplying a custom contrib. If the if/else statements in the nxftl were structured such that SASL and SSL were independent of one another, then SASL/PLAINTEXT (or SCRAM_SHA_nnn) could be tested without SSL just using nuxeo.conf settings.

Florent_Guillau · ‎03-28-2019

Hi,

I believe the problem you're describing is NXP-26746 and has already been fixed.

Eric_Ace · ‎03-28-2019

Thanks - I was describing setting up for sasl-only

ben_ · ‎03-28-2019

Hi, You are right for now when using nuxeo.conf to generate the Kafka configuration you can use SASL only when TLS is enabled which is recommended configuration in production. I have created https://jira.nuxeo.com/browse/NXP-27100 for your testing case. In the meantime you can create your own configuration or enable SSL by generating self-signed certificates like here https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl Regards ben

Eric_Ace · ‎03-28-2019

Thank you.

Hyland Connect

Kafka/SASL