The LDAP Authentication Swiftlet is a replacement for the standard Authentication Swiftlet and uses an LDAP server to authenticate users and to authorize access to SwiftMQ resources.
All known authentication entities, such as users, groups, grants, and resource limit groups, are used by the LDAP Authentication Swiftlet as well. For an introduction, please have a look at the standard Authentication Swiftlet's documentation.
These entities are defined as an LDAP schema which is part of the LDAP Authentication Swiftlet distribution and which must be installed on the LDAP server. Default users and groups are created during the schema installation. The entities are the same as with the standard Authentication Swiftlet (e.g. user "anonymous", group "public", etc.).
A SwiftMQ router accesses the LDAP server via JNDI. After the schema has been installed and the necessary entries (users etc.) have been created, the LDAP Authentication Swiftlet must be configured to use a specific user to access the LDAP server. This user must have permission to read the schema. The LDAP Authentication Swiftlet does not write to the LDAP server. In addition, a provider URL has to be configured to locate the LDAP server. Thereafter, the SwiftMQ router can be started and will use the configured LDAP server for authentication. Different SwiftMQ routers can use a single LDAP server concurrently.
The LDAP Authentication Swiftlet uses a single LDAP connection. To speed up authentication, caching can be enabled. All fetched authentication objects (users, groups, resource limit groups) are then stored in memory and used during further authentication processing. They expire after a configurable time, are removed from the cache, and are fetched from the LDAP server again the next time they are used. Therefore, changes made on the LDAP server become visible in SwiftMQ once the cached objects concerned have expired and are reloaded from the LDAP server. Caching is enabled by default and uses an expiration of 5 minutes.
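
The effect of the expiring cache described above, modelled as an added example (not SwiftMQ code and not part of the original documentation): a group change or a deleted user on the LDAP server stays invisible to the router until the cached object expires. The class name, the `fetch` callback, the injectable clock and the sample users are assumptions made for the illustration.

```python
import time

DEFAULT_TTL_SECONDS = 5 * 60  # default expiration stated in the text above


class ExpiringAuthCache:
    """Illustrative model only; class and parameter names are assumptions."""

    def __init__(self, fetch, ttl=DEFAULT_TTL_SECONDS, clock=time.monotonic):
        self._fetch = fetch        # stands in for the read from the LDAP server
        self._ttl = ttl
        self._clock = clock        # injectable so the demo needs no real waiting
        self._entries = {}         # name -> (object, time it was loaded)
        self.directory_reads = 0

    def lookup(self, name):
        now = self._clock()
        hit = self._entries.get(name)
        if hit is not None and now - hit[1] < self._ttl:
            return hit[0]                  # served from memory, possibly stale
        self._entries.pop(name, None)      # expired: drop it, then fetch again
        self.directory_reads += 1
        obj = self._fetch(name)
        if obj is not None:
            self._entries[name] = (obj, now)
        return obj


def demo():
    """Return (seconds, alice's group, bob's group) as seen through the cache."""
    directory = {"alice": "admin", "bob": "admin"}   # constructed sample entries
    now = [0.0]
    cache = ExpiringAuthCache(directory.get, clock=lambda: now[0])
    seen = [(0, cache.lookup("alice"), cache.lookup("bob"))]
    directory["alice"] = "public"   # demoted on the LDAP server
    del directory["bob"]            # deleted on the LDAP server
    for t in (240, 300):
        now[0] = float(t)
        seen.append((t, cache.lookup("alice"), cache.lookup("bob")))
    return seen, cache.directory_reads


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

With the default expiration, a revoked or demoted account can keep its old rights for up to 5 minutes, which is the figure to weigh when choosing the expiration time.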