Security - TLS
Note: Default deployment comes without TLS
To enable TLS for the server, following configurations must be set:
- ssl.server.enabled=true : To enable TLS
- server.ssl.key-store=dev-support/test_files/keystore.jks : Path to keystore
- server.ssl.key-store-password=Test1234 : Password of the keystore
- server.ssl.key-store-type=JKS : Type of the keystore
- server.ssl.key-alias=test-keystore : Alias to use in the keystore
- server.ssl.key-password=Test1234 : Password of the key in the keystore
- server.ssl.trust-store=dev-support/test_files/truststore.jks : Path of the truststore
- server.ssl.trust-store-password=Test1234 : Password of the truststore
Security - Auth
To enable authentication and set the default admin user, following configurations are required:
- security.basic.enabled=true
- datagen.auth.type=internal : Type of auth to make among: internal, ldap, ldap-embedded
Internal
To configure internal users, a default admin user must be set with following properties:
- datagen.admin.user=admin
- datagen.admin.password=admin
Then, automatic setup of users or groups to be admin, can be set with following properties:
- datagen.auth.internal.group.admins=admin : comma separated list of admin groups
- datagen.auth.internal.user.admins=superman,batman : comma separated list of admin users
In this mode, users are managed directly from the UI by admin users (defined above) and persisted to disk using a file whose path is defined by property:
- datagen.users.file.path
LDAP - Embedded
To configure an automatic embedded ldap (whose users are defined in an internal ldif file: src/main/resources/users.ldif), set following properties:
- datagen.auth.type=ldap-embedded
- spring.ldap.embedded.ldif=classpath:users.ldif
- spring.ldap.embedded.base-dn=dc=springframework,dc=org
- spring.ldap.embedded.port=8389
LDAP
To setup and configure an LDAP to get users from, set following properties:
- datagen.auth.type=ldap
- datagen.auth.ldap.url=ldap://hostname.com:389/
- datagen.auth.ldap.basedn=dc=frisch,dc=com
- datagen.auth.ldap.bind.user=uid=admin,cn=users,cn=accounts,dc=frisch,dc=com
- datagen.auth.ldap.bind.password=Cloudera1234
- datagen.auth.ldap.group.base=cn=groups,cn=accounts
- datagen.auth.ldap.group.filter=(member={0})
- datagen.auth.ldap.group.search.subtree=true
- datagen.auth.ldap.group.search.maxdepth=5
- datagen.auth.ldap.group.role.attribute=cn
- datagen.auth.ldap.group.convert.uppercase=true
- datagen.auth.ldap.group.attribute=memberOf
- datagen.auth.ldap.user.base=cn=users,cn=accounts
- datagen.auth.ldap.user.filter=(uid={0})
- datagen.auth.ldap.user.attribute=uid
To also enable a reverse search where users are taken from a research on groups scoped to datagen.auth.ldap.group.base defined earlier
- datagen.auth.ldap.group.reverse.search=true
- datagen.auth.ldap.group.reverse.search.timeout=60
- datagen.auth.ldap.group.user.attribute=member
Automatic mapping of user/groups to be admin in Datagen:
- datagen.auth.ldap.group.admins=admin_group
- datagen.auth.ldap.user.admins=superman
Automatic mapping of user/groups to be user in Datagen (if empty, then all users logged in can use Datagen):
- datagen.auth.ldap.group.users=
- datagen.auth.ldap.user.users=