LDAP Plugin for JWT Token

Definition

Based on a JWT token, the LDAP plugin retrieves a user's UID and GID. The plugin is configurable to specify which unique identifier is read from the token. The current user's UID and GID values are then retrieved from the LDAP server using this identifier.

Activation

The LDAP plugin must be activated and configured on the nodes where the dispatcher service is installed.

Configuration

Create a file named ldap-mapping.yml in the folder /opt/nodeum/plugins/.

The file must contain three different sections: memberUid, groups and persKey.

Each of them can be filled in with basedn, filter and attribute information. This information must match the LDAP structure.

The following is an example ldap-mapping.yml configuration:

memberUid:
  basedn: ou=accounts,ou=mysite,dc=my-org,dc=com
  filter: (x-mysite-persKey={{ index (ldapsearch "persKey") 0 }})
  attribute: uid

groups:
  basedn: ou=groups,ou=mysite,dc=my-org,dc=com
  filter: (memberUid={{ index (ldapsearch "memberUid") 0 }})
  attribute: cn

persKey:
  basedn: ou=people,ou=mysite,dc=my-org,dc=com
  filter: (mail={{ .claims.email }})
  attribute: x-mysite-persKey

Last updated 1 year ago