Versions Compared

Old Version 4

changes.mady.by.user Cedric

Saved on

compared with

New Version 5

changes.mady.by.user Cedric

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

This document explains how user management is done in Datafari, following the RBAC (Role Based Access Control) model.

...

As shown above, when a user wants to authenticate, Datafari first calls CombinedRealm.

CombinedRealms triggers MongoDBRealm CassandraRealm, which will check the authentication using the database of MongoDBCassandra. If it fails, CombinedRealm triggers JNDI DirectoryRealm that will check the authentifcation using the AD/LDAP you have configured. These steps are done using the user credentials provided.

It is important to note that AD/LDAP is not required for Datafari to work : You can use only MongoDB Cassandra without changing any setting.

Since Datafari uses 3 realms, they need to be configured. CustomCombinedRealm and GenericMongoRealm GenericCassandraRealm should not require you to modify their configuration, as they are embedded in the Datafari package. Still, in case you want to customise them, it is feasible. The realm that requires configuration is the JNDIRealm, for the remote AD/LDAP connection. These configurations are done in context.xml, which is in WebContent/META-INF :

Code Block
<?xml version="1.0" encoding="UTF-8"?>

<Context>

	<Realm
		className="com.francelabs.realm.CustomCombinedRealm">
		<Realm
		   authDB="db-containing"
		   authCollection="users"
		   authUserField="username"
		   authPasswordField="password"
		   authRoleField="role"
		   className="com.mongodbfrancelabs.realm.GenericMongoRealm"
		   defaultDbHost="localhost"
		   defaultDbPass=""
		   defaultDbUser=""
		   defaultRole="user"
		   digest="SHA-256"/>
		<Realm
		   className="org.apache.catalina.realm.JNDIRealm"
		   connectionURL="ldap://ldap.forumsys.com:389"
		   userPattern="uid={0},dc=example,dc=com"
		   connectionName="cn=read-only-admin,dc=example,dc=com"
		   connectionPassword="password"/>
	</Realm>
</Context>

...

Regarding the last Realm above, which relates to the AD/LDAP, its configuration depends on your AD/LDAP system. To configure it properly, please follow the Tomcat 7 JNDIRrealm howto page (url: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html )

Regarding the MongoDB Cassandra realm configuration: by default, the MongoDB Cassandra database requires no username and password. Still, you should definitely add a password and a username for the connection your MongoDbCassandra. Once this is done, fill in these information in defaultDbUser and defaultDbPass.

...