1. Authentication
Authentication is provided by LDAP. LDAP (Lightweight Directory Access Protocol) is a protocol used for service authentication. LDAP uses usernames and passwords to authenticate users. The LDAP implementation that LeanXcale recommends is the latest OpenLDAP version, as of now OpenLDAP-2.5.7 that has been certified with LDAP v3. However, other LDAP available implementations can be used. For example, ApacheDS has been certified with LDAP v3 or Oracle LDAP, that also provides LDAP v3.
It is required that the administrator starts the LDAP service, and LeanXcale makes use of that LDAP server to provide authentication. The LDAP server used may typically be the LDAP server of the company, with all the usernames and passwords of the company.
The property SECURITY needs to be set in the [all:vars] section of the LeanXcale inventory file.
SECURITY={'ldap': {'leanxcale.queryEngine.authentication.type': 'ldap', 'java.naming.provider.url': '172.31.59.177', 'leanxcale.ldap.ldapBase': 'dc=bef55ef74b89c87e579a,dc=lxc-db,dc=com', 'leanxcale.ldap.conntype': 'simple', 'leanxcale.ldap.adminDn': 'cn=admin,dc=bef55ef74b89c87e579a,dc=lxc-db,dc=com', 'leanxcale.ldap.adminPwd': {'LDAP_ADMIN_USERNAME': 'admin', 'LDAP_ADMIN_PASSWORD': 'pass@lx-129034, 'LDAP_USERS': 'user01', 'LDAP_PASSWORDS': 'password1'}}}To create users, the database administrator has to use the LeanXcale administration tool lxConsole. The following command creates the user alice with the password iAm@dmin on the database db.
$ lxConsole addUser alice iAm@dmin db