Authorization and Authentication
Last updated
Was this helpful?
Last updated
Was this helpful?
System -> User Management -> Container
Privileged access to containers is managed on a per-container basis. This page displays the list of available users and groups. This is also where the authentication mode can be defined.
The right and privileged of data stored in the container follows these rules:
Once a Workflow copy data into a Container ; the right and privilege of the original data are kept. This requires having Container user permission well configured to authorize these users to access their files.
If end users copy files through container in using SMB protocols, the rights will be the one defined in the Container access. Rights granted by the Container and associated permission schema.
Three types of authorization and authentication are available to access Container:
Local users and groups
Active Directory
LDAP
The default configuration is to use local user and group settings. The other two options are available to connect to either Active Directory or LDAP service.
Active Directory
The configuration allows the definition of an Active Directory connection. Validate all settings before saving them using the "Test connection" button. The "Save" button will confirm the connection to the selected Active Directory server and will join the Nodeum server to the Active Directory domain.
LDAP
This last configuration allows you to define a connection to an LDAP service. Validate all the settings before saving them by pressing the "Test Connection" button. The "Save" button confirms the connection to the selected LDAP server.
Click on the button '+' to add a new user:
Then this modal appears, and complete the information and save it:
User Name: Name of the User you would like to create,
Password: Password for this User,
Confirm Password: Retype the password to confirm it,
Optional: Select the group you want this user associated with.
For creating a new group, you have to go to the according tab "group"
Then this modal appears, and complete the information and save it:
Group Name: Name of the Group you would like to create.
Select the user(s) you want to include in this group.
It is possible to generate an S3 policy for any defined local user to enable S3 access to a container.
The procedure is to create the user as defined in the previous section. Once done, you need to edit it and follow these steps:
In this panel, you will see the URL and credentials required to access the S3 object storage console available. Copy in your clipboard the available S3 policy generated.
Then access the Minio Console url in using the Root User and Root Password available. Create through the Access menu a new policy and paste the policy from the clipboard.
Then, create a user, define your own password, and attach the defined policy to this user.
Once done, you are ready to access the Container through S3 with the user you have created. By default, the access to the Container in S3 are done through the port 9000.
With any of those, it is possible to define the rights and privileges of each user. This will allow and authorize the access of the container.
To set this authorization:
Go to Container and choose it.
Select “User” and select in the 3 buttons the edit button. you define the rights (Read/Write, Read Only, or no access).
Objective: Ensure that UID and GID preservation is maintained between an NFS client and a Container accessed via the NFS protocol
To achieve this, configure idmap on both the client and the Nodeum server.
Edit the idmap.conf file
Activate 'idmapping':
Configure the export:
Where uid=1000 is already existing
Where gid=2000 is a new group which has to be created
And restart the service
uid=1000 is customeruser user
gid=2000 is customergroup group
Edit the idmap.conf file
Activate 'idmapping':
And restart the service
