Using LDAP Authentication

Starting with release 7.1.3, StreamBase Server can be configured to authenticate user names and entities against one or more LDAP servers. (In previous releases, LDAP authentication was handled by the StreamBase Proxy Server.) Since Microsoft Active Directory can provide LDAP services, you can use StreamBase LDAP support to authenticate against one or more Active Directory servers.

All LDAP configuration is managed with child elements of the <security> element in the server configuration file. Initial documentation of the LDAP configuration elements is found in the skeleton configuration file. Generate such a file with either of these methods:

  • In Studio, run File → New → StreamBase Server Configuration File. In the next dialog, select the check box for the option labeled Populate with default configuration comments.

  • At the StreamBase Command Prompt, run a command like the following:

    sbd -s > sbconf-skel.txt
    

For StreamBase Server to communicate successfully with an LDAP server, it must have its own distinguished name (DN) and password. This DN does not need to have access rights to other LDAP servers or services.

Specify the server's DN and password with <param> elements like this example:

<security>
  <ldap>
    ...
    <param name="root-dn" value="cn=SBServer1,cn=Users,dc=ldap,dc=example,dc=com" />
    <param name="password" value="secret" />
    ...
  </ldap>
</security>

Each StreamBase connection that requires authentication uses the user name and password provided to StreamBase Server to connect to the configured LDAP servers. If the user name and password connect successfully, any role attributes defined in the configuration file are read and checked. If not, access is denied.
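
Because the server's DN and password are stored in the configuration file, it is worth checking that file before deployment. The following audit script is an added example, not part of the StreamBase documentation or product. It assumes a <streambase-configuration> root element and POSIX file permissions; the function names, the sample values, and the simplified DN check are constructed for illustration.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: <security>, <ldap> and the param names are from the page;
# the root element name is an assumption and the values are made up.
SAMPLE = """<streambase-configuration>
  <security>
    <ldap>
      <param name="root-dn" value="cn=SBServer1,cn=Users,dc=ldap,dc=example,dc=com" />
      <param name="password" value="secret" />
    </ldap>
  </security>
</streambase-configuration>"""

# One RDN such as "cn=SBServer1". Simplified: escaped commas are not handled,
# so this is not a full RFC 4514 parser.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def audit_ldap_config(path):
    """Return findings for the <security>/<ldap> section of the config file at path."""
    root = ET.parse(path).getroot()
    sections = [s.find("ldap") for s in root.iter("security")]
    ldap = next((l for l in sections if l is not None), None)
    if ldap is None:
        return ["no <security>/<ldap> section found"]
    params = {p.get("name"): p.get("value", "") for p in ldap.findall("param")}
    findings = []
    dn = params.get("root-dn", "")
    if not dn:
        findings.append("root-dn is missing or empty")
    elif not all(RDN.match(part.strip()) for part in dn.split(",")):
        findings.append("root-dn is not a well-formed distinguished name")
    if not params.get("password"):
        findings.append("password is missing or empty")
    # The bind password sits in this file, so only the server's account should read it.
    # POSIX mode bits only; on Windows inspect the file ACL instead.
    if os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config file is readable by group or others")
    return findings

def write_sample(text, mode):
    """Write text to a temporary file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".sbconf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path
```

Call audit_ldap_config with the path to the real configuration file; an empty list means none of the three checks fired.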