LDAP authentication and Pass-through session credentials

Applies to: Denodo 8.0, Denodo 7.0, Denodo 6.0
Last modified on: 04 Mar 2021
Tags: LDAP User management


A virtual database can be configured to use LDAP authentication, which delegates user authentication to an LDAP server. In addition, since Denodo 8.0, you can configure global LDAP authentication at server level.

When a user tries to connect to a database or a Virtual DataPort Server configured for LDAP authentication, the server first checks whether the user is a Virtual DataPort local user. If not, it connects to the configured LDAP server to check the user's credentials and roles.

To use LDAP authentication, the following is needed:

  • LDAP data source.
  • Virtual DataPort Server or a virtual database for which (global) LDAP authentication was enabled.
  • User base: node of the LDAP server used as scope to search nodes that represent users.
  • Attribute with user name: name of the attribute that contains the username in the node.
  • User search pattern: the value of this field is used to build the LDAP query to obtain the nodes that represent the users.
  • Role base: node of the LDAP server whose children nodes represent roles that users of the database have.
  • Attribute with role name.
  • Role search pattern: This pattern has to contain the token @{USERDN} which will be replaced by the distinguished name of the user that tries to connect to the database.

Read the LDAP Authentication of Virtual DataPort Administration Guide or the Knowledge Base article LDAP authentication best practices for more information about setting up LDAP authentication.
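The role lookup described by the Role base, Attribute with role name and Role search pattern settings can be sketched as follows. This is an added example, not Denodo code: the directory entries, DNs and the member/cn attribute names are constructed assumptions, and the sketch escapes the user's distinguished name per RFC 4515 before substituting it for @{USERDN}, so that characters such as parentheses in a DN cannot change the filter's structure.

```python
import re

TOKEN = "@{USERDN}"  # token the page says the role search pattern must contain

def escape_filter_value(value):
    """RFC 4515 escaping, so characters in a DN cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_role_pattern(pattern, user_dn):
    if TOKEN not in pattern:
        raise ValueError("role search pattern must contain " + TOKEN)
    return pattern.replace(TOKEN, escape_filter_value(user_dn))

def resolve_roles(directory, role_base, role_attr, pattern, user_dn):
    """Return role names of entries below role_base that match the expanded pattern.
    Only a single equality filter '(attr=value)' is handled here; a real LDAP
    server evaluates the full filter grammar."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", expand_role_pattern(pattern, user_dn))
    if not m:
        raise ValueError("unsupported filter in this sketch")
    attr = m.group(1).lower()
    # Undo the RFC 4515 hex escapes in one pass to recover the literal DN.
    wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    roles = []
    for dn, attrs in directory.items():
        if not dn.lower().endswith("," + role_base.lower()):
            continue  # entry is outside the role base scope
        if any(v.lower() == wanted.lower() for v in attrs.get(attr, [])):
            roles.extend(attrs.get(role_attr, []))
    return sorted(roles)

# Constructed sample directory (assumption, not taken from the page).
ANA = r"CN=Lee\, Ana (Contractor),OU=Users,DC=example,DC=com"
BOB = "CN=Bob,OU=Users,DC=example,DC=com"
DIRECTORY = {
    "CN=analysts,OU=Roles,DC=example,DC=com": {"cn": ["analysts"], "member": [ANA, BOB]},
    "CN=admins,OU=Roles,DC=example,DC=com": {"cn": ["admins"], "member": [BOB]},
    "CN=hr,OU=Groups,DC=example,DC=com": {"cn": ["hr"], "member": [ANA]},
}
ROLE_BASE = "OU=Roles,DC=example,DC=com"
PATTERN = "(member=@{USERDN})"

if __name__ == "__main__":
    print(expand_role_pattern(PATTERN, ANA))
    print(resolve_roles(DIRECTORY, ROLE_BASE, "cn", PATTERN, ANA))
```

The hr entry lists the user as a member but sits outside the role base, so it contributes no role.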

When creating data sources, there is a “Pass-through session credentials” option. If selected, Virtual DataPort will use the user’s Virtual DataPort database login credentials to authenticate a query to the data source.

If a user connects to a database through LDAP authentication and then queries a view from a data source with “Pass-through session credentials”, the user’s LDAP username and password will be used to execute the query. Read more about “Pass-through session credentials” in the Virtual DataPort Administration Guide section “Importing JDBC Sources”.

References

Knowledge Base Article: LDAP authentication best practices.

Virtual DataPort Administration Guide: LDAP Authentication.

Virtual DataPort Administration Guide: Administration of Databases, Users, Roles and their Access Rights.

Virtual DataPort Administration Guide: Importing JDBC Sources.

LDAP Authentication at server level

Importing LDAP roles in Virtual DataPort
