Swap:Configuring Authentication
From Adapt
Latest revision as of 22:08, 18 February 2010
Authentication in SWAP is handled using SASL at the beginning of a connection. This allows SWAP to support many different types of authentication, from simple passwords to Kerberos.
There are two separate aspects to connecting to SWAP. The first is authentication: validating your password. The second is authorization: which file groups you may use and which actions you are allowed to perform.
LDAP Authentication
LDAP authentication lets someone use the username and password they have stored in an LDAP directory. SWAP attempts to authenticate by binding to a DN within the directory. For example, at UMIACS we have the following group set up that lists all authorized users: ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu. When you try to connect as tom, your username and password are used to try to bind as uid=tom,ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu.
In the server properties file, you need to specify the following:
- auth.ldap.url=URL of your LDAP server (ldaps://ldap.umiacs.umd.edu)
- auth.ldap.basedn=base DN to bind to (ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu)
- auth.ldap.ignoressl=false (optional; set to true if your LDAP server has an untrusted SSL key)
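The sketch below is an added example, not SWAP's own code. It shows the bind-DN construction described above with the checks a bind-as-user scheme needs: RFC 4514 escaping of the username, refusal of empty passwords, and a review of the three properties. The function names (parse_props, escape_rdn_value, bind_dn, config_warnings) are hypothetical and the properties text is a constructed sample.

```python
import re

# Constructed sample of the server properties described above.
SAMPLE_PROPS = """\
auth.ldap.url=ldaps://ldap.umiacs.umd.edu
auth.ldap.basedn=ar=swapgroup,ou=labs,dc=umiacs,dc=umd,dc=edu
auth.ldap.ignoressl=false
"""

def parse_props(text):
    """Parse key=value lines, splitting on the first '=' only (the DN contains '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([\\",+;<>=])', r"\\\1", value).replace("\x00", "\\00")
    if value.startswith(("#", " ")):
        out = "\\" + out                  # leading '#' or space
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "            # trailing space
    return out

def bind_dn(props, username, password):
    """Return the DN to bind as; raise ValueError if the attempt must be refused."""
    if not username or not password:
        # A simple bind with an empty password is an unauthenticated bind,
        # which many LDAP servers report as success.
        raise ValueError("empty username or password")
    return "uid=%s,%s" % (escape_rdn_value(username), props["auth.ldap.basedn"])

def config_warnings(props):
    """List settings that weaken protection of the bind password."""
    warnings = []
    if not props.get("auth.ldap.url", "").lower().startswith("ldaps://"):
        warnings.append("auth.ldap.url is not ldaps://")
    if props.get("auth.ldap.ignoressl", "false").lower() == "true":
        warnings.append("auth.ldap.ignoressl=true accepts an untrusted certificate")
    return warnings

if __name__ == "__main__":
    props = parse_props(SAMPLE_PROPS)
    print(bind_dn(props, "tom", "example-password"))
    print(config_warnings(props))
```

Without the escaping step, a username containing a comma would add extra RDN components and move the bind outside the intended uid=...,ar=swapgroup entry.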