Identity Management

Configure authentication and authorization (LDAP/AD, JWT/OpenID) and map users to UID/GID so tasks run in the right user context.


Right - Authentication & Authorization

Data Movement and Rights Preservation

When Nodeum transfers data between different storage types, it typically maintains the rights, ownership, and metadata from the source storage.

Authentication & Authorization Mechanism for Storage Access

Some storage systems do not permit access by the root account, so the Data Mover service must operate in the user's context rather than as root. The Nodeum Data Mover does this by switching to the user's context for each task execution. The context switch is part of the user authentication mechanism: the Data Mover service uses the authenticated user's credentials to access the storage.

For Different Storage Types:

  • POSIX file system: The Data Mover switches to the user's context, running under the user's UID and GID, and performs the task on the user's behalf.

  • Object storage: The Data Mover can authenticate with a JWT-based mechanism. Protocols such as OpenID are supported for authentication.

Nodeum Interface

Nodeum offers several interfaces for accessing its service, with multiple user management options: local management, LDAP, and Active Directory. It supports advanced configurations for user authentication and authorization, including requesting and verifying JWT tokens from an identity provider. A verified token can then be used to search an LDAP server for the user's UID and GID, which enables the storage connections described above.
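The chain described on this page (verify an identity-provider token, look up the user's UID/GID in an LDAP directory, then switch the task into that user's context) can be illustrated end to end. The following is an added example, not Nodeum code: it assumes an HS256 shared-secret token (a simplification; OpenID providers usually sign with RS256 and publish keys via JWKS), models the LDAP result as an in-memory dictionary of posixAccount/posixGroup attributes, and injects the privilege-dropping system calls so the logic can be exercised without root. The point worth seeing in code is the order of the context switch and the checks around it: supplementary groups and the primary GID must be set before the UID, a directory entry that maps a user to UID 0 must be refused, and after the switch the process must be unable to regain root.

```python
"""Added example (not Nodeum code): JWT -> LDAP-style lookup -> per-task uid/gid switch."""
import base64
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt_hs256(claims: dict, key: bytes) -> str:
    """Mint a token the way a constructed test identity provider would (HS256 assumed)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the algorithm is the expected one and the MAC checks out."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg in token header")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("token signature does not verify")
    return json.loads(_b64url_decode(payload))


# Constructed stand-in for an LDAP search result (posixAccount / posixGroup attributes).
SAMPLE_DIRECTORY = {
    "alice": {"uidNumber": "1001", "gidNumber": "1001"},
    "svc-backup": {"uidNumber": "0", "gidNumber": "0"},  # misconfigured: maps to root
    "bob": {"uidNumber": "not-a-number", "gidNumber": "1002"},
}
SAMPLE_GROUPS = {"staff": {"gidNumber": "2000", "memberUid": ("alice",)}}


@dataclass(frozen=True)
class TaskIdentity:
    username: str
    uid: int
    gid: int
    groups: tuple  # supplementary gids


def resolve_identity(username: str, directory: dict, groups: dict) -> TaskIdentity:
    """Map a directory entry to numeric ids; refuse root and malformed entries."""
    entry = directory.get(username)
    if entry is None:
        raise LookupError(f"no posixAccount entry for {username!r}")
    try:
        uid, gid = int(entry["uidNumber"]), int(entry["gidNumber"])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"malformed uidNumber/gidNumber for {username!r}") from exc
    if uid == 0 or gid == 0:
        raise PermissionError(f"{username!r} resolves to root; refusing to run task")
    supplementary = tuple(
        int(g["gidNumber"]) for g in groups.values() if username in g.get("memberUid", ())
    )
    return TaskIdentity(username, uid, gid, supplementary)


class RecordingSyscalls:
    """Stand-in for `os` when not running as root: records call order and mimics the
    kernel rule that an unprivileged process may not switch to a different uid."""

    def __init__(self):
        self.calls = []
        self._uid = self._gid = 0

    def setgroups(self, groups):
        self.calls.append(("setgroups", tuple(groups)))

    def setgid(self, gid):
        self.calls.append(("setgid", gid))
        self._gid = gid

    def setuid(self, uid):
        if self._uid != 0 and uid != self._uid:
            raise PermissionError("EPERM")
        self.calls.append(("setuid", uid))
        self._uid = uid

    def getuid(self):
        return self._uid

    def getgid(self):
        return self._gid


def drop_privileges(identity: TaskIdentity, syscalls=os) -> bool:
    """Switch into the user's context. Groups and gid first: after setuid() the
    process can no longer change them. Then prove the drop is irreversible."""
    syscalls.setgroups(list(identity.groups))
    syscalls.setgid(identity.gid)
    syscalls.setuid(identity.uid)
    if syscalls.getuid() != identity.uid or syscalls.getgid() != identity.gid:
        raise RuntimeError("privilege drop did not take effect")
    try:
        syscalls.setuid(0)  # root's setuid() set real, effective and saved uid, so this must fail
    except PermissionError:
        return True
    raise RuntimeError("process could regain root; refusing to run the task")


def run_task_as_user(token: str, key: bytes, directory: dict, groups: dict, syscalls=os) -> TaskIdentity:
    """The full chain: verify token, resolve uid/gid, switch context, return who we became."""
    claims = verify_jwt_hs256(token, key)
    identity = resolve_identity(claims["sub"], directory, groups)
    drop_privileges(identity, syscalls)
    return identity


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    fake = RecordingSyscalls()
    who = run_task_as_user(make_jwt_hs256({"sub": "alice"}, key), key, SAMPLE_DIRECTORY, SAMPLE_GROUPS, fake)
    print(who, fake.calls)
```

Run as a non-root user with the recording stand-in to see the call order; with the real `os` module it only succeeds when started as root, which is exactly the situation a data-mover daemon is in before it hands a task to a user.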
