Swap:Configuring Authentication

From Adapt

Authentication in SWAP is handled using SASL at the beginning of a connection. This allows SWAP to support any number of different types of authentication, from simple passwords to Kerberos.

Connecting to SWAP involves two separate aspects. The first is authentication: validating your password. The second is authorization: determining which file groups you may access and which actions you are allowed to perform.

LDAP Authentication

LDAP authentication allows someone to use the username and password they have stored in an LDAP directory. It attempts to authenticate by binding to a DN within the directory. For example, at UMIACS, we have the following group set up that lists all authorized users: ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu. When you try to connect as tom, your username and password are used to try to bind as uid=tom,ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu.

In the server properties file, you need to specify the following:

  • auth.ldap.url=URL of your LDAP server (ldaps://ldap.umiacs.umd.edu)
  • auth.ldap.basedn=base DN to bind to (ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu)
  • auth.ldap.ignoressl=false (optional, set to true if your LDAP server has an untrusted SSL key)
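
The following is an added example, not part of SWAP or of the original page: a small check an administrator could run over the three auth.ldap.* settings above, plus the uid=<username>,<basedn> construction described earlier with the username escaped per RFC 4514. The function names, the simplified properties parser, the reading of ignoressl=true as "server certificate not verified", and the escaping step are assumptions made for this example, not statements about how SWAP is implemented.

```python
# Added example (not SWAP code): audit auth.ldap.* settings, build the bind DN.
SAMPLE = """\
# constructed sample of a server properties file
auth.ldap.url=ldap://ldap.umiacs.umd.edu
auth.ldap.basedn=ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu
auth.ldap.ignoressl=true
"""

def parse_properties(text):
    """Minimal key=value parser; splits on the first '=' only, so DNs survive."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings for the three auth.ldap.* keys."""
    findings = []
    url = props.get("auth.ldap.url", "")
    if not url:
        findings.append("auth.ldap.url is not set")
    elif not url.lower().startswith("ldaps://"):
        findings.append("auth.ldap.url is not ldaps://; bind passwords may cross the network in clear text")
    if not props.get("auth.ldap.basedn"):
        findings.append("auth.ldap.basedn is not set")
    # Assumption: ignoressl=true means the server certificate is not verified.
    if props.get("auth.ldap.ignoressl", "false").lower() == "true":
        findings.append("auth.ldap.ignoressl=true; the LDAP server's certificate is not checked")
    return findings

def escape_rdn_value(value):
    """Escape a username for use as an RDN value (RFC 4514); reject empty names."""
    if not value:
        raise ValueError("empty username")
    last, out = len(value) - 1, []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;=' or (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\00" if ch == "\x00" else ("\\" + ch if special else ch))
    return "".join(out)

def bind_dn(username, props):
    return "uid=%s,%s" % (escape_rdn_value(username), props["auth.ldap.basedn"])

if __name__ == "__main__":
    cfg = parse_properties(SAMPLE)
    print(audit(cfg), bind_dn("tom", cfg))
```

Run against the constructed sample, the audit reports the ldap:// URL and the ignoressl=true setting; with the values shown in the list above it reports nothing.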