ETL Server Security

From Metadata Technology Wiki
Jump to navigation Jump to search

Overview

The Fusion ETL Server providers a default root account, whose configuration can be modified. In addition, it is possible to configure the ETL Server to authenticate users through an Active Directory or Open LDAP server.

To Authenticate with Active Directory (AD) or Open LDAP create the file auth.json in the ETL home directory. The configuration file is in JSON format and is explained in the following sections. The configuration is read by the ETL server on application startup.


Active Directory Confiuguration

  • Id Required. Fixed as ActiveDirectory
  • Server Required. It defines the URL to the AD server
  • Domain Optional. Defines a Collection of objects within a Microsoft Active Directory network which are valid authentication targets
  • AdminRoles Required. Defines which AD roles can access the ETL server
  • BaseDN Optional. The starting point an LDAP server uses when searching for users authentication within your Directory
  • SearchFilter Optional. Provides filter on AD objects
 {
   "Id": "ActiveDirectory",
   "Server": "ldap://11.11.11.111",
   "Domain": "my.domain",
   "AdminRoles": ["AD_ROLE1", "AD_ROLE2"],
   "BaseDN" : "CN=user1,CN=Users,DC=example,DC=com",
   "SearchFilter" : "(&(objectClass=user)(userPrincipalName={0}))"  //this is the default used if not defined
 }

Open LDAP Confiuguration

  • Id Required. Fixed as LDAP
  • Server Required. It defines the URL to the AD server
  • AdminRoles Required. Defines which AD roles can access the ETL server
  • BaseDN Optional. The starting point an LDAP server uses when searching for users authentication within your Directory
  • GroupSearchBase
  • GroupSearchFilter
  • ManagerDn
  • ManagerPwd
  • RolePrefix
  • UserID
  • UserSearchBase
  • UserSearchFilter
 {
   "Id": "LDAP",
   "Server": "ldap://11.11.11.111",
   "BaseDN" : "CN=user1,CN=Users,DC=example,DC=com",
   "AdminRoles": ["AD_ROLE1", "AD_ROLE2"],
   "SearchFilter" : "(&(objectClass=user)(userPrincipalName={0}))"  //this is the default used if not defined
 }