LDAP Authentication Sample

This sample demonstrates the use of StreamBase LDAP authentication with Active Directory. That is, it limits access to certain StreamBase commands, such as sbc dequeue, to users who can provide authentication credentials associated with one of the StreamBase roles.

Unlike the samples that focus on StreamBase operators, where the *.sbapp file contains specific data processing features, the LDAP Authentication sample is focused on configuration steps. It allows you to observe what happens at runtime when different types of StreamBase commands are attempted.

For more information, see the Using StreamBase Server Simple Authentication topic in the Administration Guide.

This Sample's Files

The LDAP Authentication sample consists of:

  • A StreamBase application, ldap-authentication.sbapp.

  • A corresponding configuration file, ldap-authentication.sbconf, to run the app. Comments in the file indicate where site-specific modifications are required.

  • A script, adduser.bat, to add two users and two groups, one each for StreamBase testing and administration, to Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account.

  • A script, deleteuser.bat, to remove the users and groups added by adduser.bat from Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account.

Note

While you can examine ldap-authentication.sbapp in StreamBase Studio, note that the point of this sample is not the application diagram itself, but instead to illustrate that, when LDAP authentication is enabled, users must provide valid credentials in order to run StreamBase commands such as sbc, sbfeedsim, and sbadmin.

Running the Authentication Sample

Although you can open this sample's application files in StreamBase Studio to study how the application is assembled, this sample is designed to be run in Windows command prompt windows.Be sure to use the StreamBase Command Prompt from the Start menu as described in the Test/Debug Guide, not a standard command prompt.

To run this sample:

  1. Modify ldap-authentication.sbconf, adduser.bat, and deleteuser.bat with your site-specific settings.

  2. Open three StreamBase Command Prompts on Windows. In each window, navigate to the directory where the sample is installed, or to your workspace copy of the sample, as described above.

  3. Run adduser.bat. This script adds the test and adminstrative users, sbtest and sbmanager, respectively, the corresponding groups, SBUser and SBAdmin, and adds each user to its corresponding group in Active Directory.

  4. In window 1, start StreamBase Server with this command:

    sbd -f ldap-authentication.sbconf ldap-authentication.sbapp
  5. In window 2, dequeue from the output stream OutputStream with the following command:

    sbc -u "sb://localhost;user=sbtest;password=sbtest" dequeue OutputStream
  6. In window 3, enqueue to the input stream InputStream with the following command:

    echo "This is a test"   | sbc -u "sb://localhost;user=sbtest;password=sbtest" enqueue InputStream

    In window 2, look for the tuple enqueued in window 3

  7. Next, try to shut down the server without credentials. In window 3, type:

    sbadmin shutdown

    Without credentials, the server refuses the shutdown request:

    sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: STATUS, user: null
  8. Now try to shut down the server with the credentials for the sbtest user:

    sbadmin -u "sb://localhost;user=sbtest;password=sbtest" shutdown

    Server shutdown is restricted to users with the SBAdmin role, so this command also fails:

    sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: SHUTDOWN, user: sbtest
  9. Finally, shut down the server with the credentials for an administrative user:

    sbadmin -u "sb://localhost:10000;user=sbmanager;password=sbmanager" shutdown

    This time, the command succeeds. Look for a StreamBaseServer shut down message in window 1.

  10. Run deleteuser.bat to delete the users and groups added to Active Directory by adduser.bat.

Importing This Sample into StreamBase Studio

In StreamBase Studio, import this sample with the following steps:

  • From the top menu, select FileLoad StreamBase Sample.

  • Select this sample from the Applications list.

  • Click OK.

StreamBase Studio creates a project for the sample.

Sample Location

When you load the sample into StreamBase Studio, Studio copies the sample project's files to your Studio workspace, which is normally part of your home directory, with full access rights.

Important

Load this sample in StreamBase Studio, and thereafter use the Studio workspace copy of the sample to run and test it, even when running from the command prompt.

Using the workspace copy of the sample avoids the permission problems that can occur when trying to work with the initially installed location of the sample. The default workspace location for this sample is:

studio-workspace/sample_ldap-authentication

See Default Installation Directories for the location of studio-workspace on your system.

In the default TIBCO StreamBase installation, this sample's files are initially installed in:

streambase-install-dir/sample/ldap-authentication

See Default Installation Directories for the default location of studio-workspace on your system.