Info |
---|
Valid from Datafari 3.0 |
This document explains how user management is done in Datafari, following the RBAC (Role Based Access Control) model.
...
The steps for authentication are illustrated in the three pictures below.
...
As shown above, when a user wants to authenticate, Datafari first calls CombinedRealm. CombinedRealm triggers CassandraRealm, which checks the authentication against the Cassandra database. If that fails, CombinedRealm triggers the JNDI DirectoryRealm, which checks the authentication against the AD/LDAP you have configured. These steps are done using the user credentials provided.
...
Since Datafari uses 3 realms, they need to be configured. CustomCombinedRealm and GenericCassandraRealm should not require you to modify their configuration, as they are embedded in the Datafari package. Still, you can customise them if you want to. The realm that requires configuration is the JNDIRealm, for the remote AD/LDAP connection. These configurations are done in context.xml, which is in WebContent/META-INF:
Code Block |
---|
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <!-- Outer realm: delegates to the nested realms in the order listed -->
  <Realm
      className="com.francelabs.realm.CustomCombinedRealm">
    <!-- Database-backed realm, tried first -->
    <Realm
        authDB="db-containing"
        authCollection="users"
        authUserField="username"
        authPasswordField="password"
        authRoleField="role"
        className="com.francelabs.realm.GenericMongoRealm"
        defaultDbHost="localhost"
        defaultDbPass=""
        defaultDbUser=""
        defaultRole="user"
        digest="SHA-256"/>
    <!-- Remote AD/LDAP realm, tried if the first realm fails -->
    <Realm
        className="org.apache.catalina.realm.JNDIRealm"
        connectionURL="ldap://ldap.forumsys.com:389"
        userPattern="uid={0},dc=example,dc=com"
        connectionName="cn=read-only-admin,dc=example,dc=com"
        connectionPassword="password"/>
  </Realm>
</Context>
|
Regarding the last Realm above, which relates to the AD/LDAP, its configuration depends on your AD/LDAP system. To configure it properly, please follow the Tomcat 7 JNDIRealm how-to page (https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html).
Regarding the Cassandra realm configuration: by default, the Cassandra database requires no username and password. Still, you should definitely add a username and a password for the connection to your Cassandra. Once this is done, enter this information in defaultDbUser and defaultDbPass.
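A small audit of the settings discussed above, added here as an example (it is not part of Datafari or Tomcat): the hypothetical function `audit_context` lists the nested realms in the order they are declared and flags empty `defaultDbUser`/`defaultDbPass`. The `ldap://` and clear-text `connectionPassword` checks go beyond what this page states, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample that mirrors the layout of the context.xml shown above.
SAMPLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Realm className="com.francelabs.realm.CustomCombinedRealm">
    <Realm className="com.francelabs.realm.GenericMongoRealm"
           defaultDbHost="localhost" defaultDbUser="" defaultDbPass=""
           defaultRole="user" digest="SHA-256"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ldap.example.com:389"
           userPattern="uid={0},dc=example,dc=com"
           connectionName="cn=read-only-admin,dc=example,dc=com"
           connectionPassword="password"/>
  </Realm>
</Context>"""


def audit_context(xml_text):
    """Return (realm_order, findings) for a context.xml given as a string."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    combined = root.find("Realm")
    if combined is None:
        return [], ["no <Realm> element found"]
    order, findings = [], []
    # Nested realms in document order: database realm first, then AD/LDAP.
    for realm in combined.findall("Realm"):
        cls = realm.get("className", "?").rsplit(".", 1)[-1]
        order.append(cls)
        # Database-backed realm: the page asks for a username and a password.
        if "defaultDbUser" in realm.attrib or "defaultDbPass" in realm.attrib:
            for attr in ("defaultDbUser", "defaultDbPass"):
                if not realm.get(attr, "").strip():
                    findings.append(f"{cls}: {attr} is empty")
        url = realm.get("connectionURL", "")
        if urlparse(url).scheme.lower() == "ldap":
            findings.append(f"{cls}: ldap:// bind is unencrypted unless StartTLS is configured")
        if realm.get("connectionPassword"):
            findings.append(f"{cls}: connectionPassword is stored in clear text")
    return order, findings


if __name__ == "__main__":
    realm_order, issues = audit_context(SAMPLE_CONTEXT)
    print("realm order:", " -> ".join(realm_order))
    for issue in issues:
        print("finding:", issue)
```

Run it against your own WebContent/META-INF/context.xml by passing the file's contents to `audit_context`.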