Altair® Panopticon

 

Active Directory

Panopticon Streams can be configured to authenticate against an Active Directory server. Panopticon Streams uses LDAP to communicate with the Active Directory server, so the configuration is very similar to the LDAP configuration in the previous section.

The following is an example of how the Realm can be configured when using Active Directory. Please note that the values should be replaced with details from your own LDAP source.

<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionURL="ldap://ad.dwch.com:3268"
   alternateURL="ldap://ad.dwch.com:389"
   authentication="simple"
   referrals="follow"
   connectionName="admin@DWCH.com"
   connectionPassword="admin"
   userBase="cn=Users,dc=DWCH,dc=com"
   userSearch="(sAMAccountName={0})"
   userSubtree="true"
   roleBase="cn=Users,dc=DWCH,dc=com"
   roleName="cn"
   roleSearch="(member={0})"
   roleSubtree="true"
   roleNested="true"
/>

   NOTE

As with LDAP, you can opt not to have a dedicated user by removing connectionName and connectionPassword and instead letting each user extract information about itself by adding userSearchAsUser and roleSearchAsUser to the Realm. Set both values to true. As mentioned in the LDAP section, the recommended usage is to have a dedicated user, since there is no guarantee that each user is authorized to extract these details.
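
The following pre-deployment check for the Realm element and the NOTE above is an added example, not part of the Panopticon or Tomcat documentation. The function name `lint_realm` and both sample Realms are constructed for illustration. The transport check goes beyond this page: it flags a simple bind over ldap:// unless Tomcat's `useStartTls` attribute is set to true.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the dedicated-user Realm from this page (shortened).
DEDICATED = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionURL="ldap://ad.dwch.com:3268"
   alternateURL="ldap://ad.dwch.com:389"
   authentication="simple"
   connectionName="admin@DWCH.com"
   connectionPassword="admin"
   userSearch="(sAMAccountName={0})"
   roleSearch="(member={0})" />'''

# Constructed sample: dedicated user removed, but only one *AsUser flag set.
HALF_SELF_BIND = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionURL="ldaps://ad.dwch.com:3269"
   authentication="simple"
   userSearch="(sAMAccountName={0})"
   userSearchAsUser="true"
   roleSearch="(member={0})" />'''

def lint_realm(xml_text):
    """Return a list of findings for one JNDIRealm element (hypothetical helper)."""
    try:
        realm = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. an unquoted attribute value such as connectionName=admin@DWCH.com
        return [f"not well-formed XML: {exc}"]
    a = realm.attrib
    findings = []
    has_name, has_pw = "connectionName" in a, "connectionPassword" in a
    if has_name != has_pw:
        findings.append("connectionName and connectionPassword must be set together")
    elif not has_name:
        # No dedicated user: each user must search as itself (see the NOTE).
        for flag in ("userSearchAsUser", "roleSearchAsUser"):
            if a.get(flag, "false").lower() != "true":
                findings.append(f"no dedicated user and {flag} is not true")
    # Beyond the page: a simple bind over ldap:// sends the password unencrypted.
    starttls = a.get("useStartTls", "false").lower() == "true"
    if a.get("authentication") == "simple" and not starttls:
        for key in ("connectionURL", "alternateURL"):
            if a.get(key, "").lower().startswith("ldap://"):
                findings.append(f"{key} uses ldap:// with a simple bind")
    return findings

if __name__ == "__main__":
    for name, text in (("dedicated", DEDICATED), ("half self-bind", HALF_SELF_BIND)):
        print(name, lint_realm(text))
```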