Configure SQLFire to Use Your LDAP Directory Service

When configuring vFabric SQLFire to use LDAP as your authentication service, you must specify which LDAP server to use.

Procedure


  1. Set the auth-provider property to "LDAP" when you start each locator and server in the SQLFire distributed system.
  2. When auth-provider is set to "LDAP," SQLFire uses LDAP to authenticate both the members of the distributed system and the clients that connect to it. For this reason, each SQLFire member must supply the user option (and optionally the password option) at startup. If you omit the password option, the member prompts for a password on the command line.
  3. Set the sqlfire.auth-ldap-server property to the URL to the LDAP server. For example:
    sqlfire.auth-ldap-server=ldap://server:port/

    You can specify the LDAP server as a bare server name, as the server name and port number separated by a colon, or as a full "ldap" URL. If you do not provide a full URL, SQLFire uses unencrypted LDAP by default, and the credentials used to bind to the directory (including the search DN password) cross the network in the clear. To use SSL-encrypted LDAP, provide a URL starting with "ldaps://".

    Note: This property must be specified either as a Java system property or in the sqlfire.properties file. For example, when booting a new SQLFire server with sqlf, you could use the command-line option -J-Dsqlfire.auth-ldap-server=ldaps://server:port/ to specify the Java system property.

  4. If you use SSL-encrypted LDAP and your LDAP server certificate is not signed by a Certificate Authority (CA) that the JVM already trusts, create a local trust store for each SQLFire member and import the LDAP server certificate into it. See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore for more information. A trust store set through javax.net.ssl.trustStore replaces the JVM's default trust store for that process, so it must also hold the CA certificates for any other TLS endpoints the member connects to.
  5. If you performed step 4, include the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties when you start each SQLFire member. For example:
    sqlf server start -dir=./server -locators=localhost[10101] -client-port=1528 -auth-provider=LDAP \
                       -J-Dsqlfire.auth-ldap-server=ldaps://ldapserver:636/ -user=user_name -password=user_pwd \
                       -J-Dsqlfire.auth-ldap-search-dn=uid=sqlfire1,ou=ldapExample,dc=gemstone,dc=com  \
                       -J-Dsqlfire.auth-ldap-search-pw=sqlfire1 \
                       -J-Dsqlfire.auth-ldap-search-base=ou=ldapTesting,dc=gemstone,dc=com \
                       -J-Djavax.net.ssl.trustStore=/Users/yozie/vFabric_SQLFire_10x/keystore_name \
                       -J-Djavax.net.ssl.trustStorePassword=keystore_password &
    Note: javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword must be specified as Java system properties (using the -J option on the sqlf command line). Any value passed on the sqlf command line, including -password and -J-Dsqlfire.auth-ldap-search-pw, is visible to other users on the host through the process list. Placing the search password in sqlfire.properties with restrictive file permissions, or omitting -password so that the member prompts for it, keeps those secrets out of the process list.
Note: LDAP server and search properties must be set to the same value for each member of the SQLFire distributed system. However, individual SQLFire members can be started using different authenticated user credentials, trust stores, and so forth.
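The procedure above pulled together as a small POSIX shell script. This is an added example, not code from the SQLFire documentation or product: the host names, DNs, passwords, file paths and the keytool alias are placeholders, and the script assumes that the sqlfire.properties file it writes is placed in a directory SQLFire reads it from (taken here to be the directory the member is started in). It only prints the sqlf and keytool command lines rather than running them, so it can be exercised without a SQLFire installation.

```shell
#!/bin/sh
# Added example, not part of the SQLFire documentation. All names are placeholders.

# Classify how SQLFire will talk to the server named in sqlfire.auth-ldap-server.
# Per the procedure: a bare "host", "host:port" or "ldap://..." means plain LDAP;
# only an explicit "ldaps://" URL gives SSL-encrypted LDAP.
ldap_scheme() {
    case "$1" in
        ldaps://*) echo ldaps ;;
        *)         echo ldap ;;
    esac
}

# Write the sqlfire.auth-ldap-* settings to DIR/sqlfire.properties so every
# member boots with identical LDAP server and search settings (the final note
# above). Refuses a plaintext URL unless ALLOW_PLAIN_LDAP=1, because the bind
# passwords (the member's own and the search DN's) would cross the wire in clear.
# usage: write_ldap_props DIR URL SEARCH_DN SEARCH_PW SEARCH_BASE
write_ldap_props() {
    dir=$1 url=$2 search_dn=$3 search_pw=$4 search_base=$5
    if [ "$(ldap_scheme "$url")" != ldaps ] && [ "${ALLOW_PLAIN_LDAP:-0}" != 1 ]; then
        echo "refusing unencrypted LDAP URL: $url (set ALLOW_PLAIN_LDAP=1 to override)" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    # The file carries the search DN password: create it readable by the owner only.
    ( umask 077; cat > "$dir/sqlfire.properties" <<EOF
sqlfire.auth-ldap-server=$url
sqlfire.auth-ldap-search-dn=$search_dn
sqlfire.auth-ldap-search-pw=$search_pw
sqlfire.auth-ldap-search-base=$search_base
EOF
    )
}

# Print the keytool command that imports the LDAP server certificate into a
# per-member trust store (step 4). Run it with: eval "$(truststore_import_cmd ...)"
# usage: truststore_import_cmd CERT_PEM TRUSTSTORE STOREPASS
truststore_import_cmd() {
    printf 'keytool -importcert -noprompt -alias ldapserver -file %s -keystore %s -storepass %s\n' \
        "$1" "$2" "$3"
}

# Print the sqlf command line for one member (step 5). The trust store is
# per-member and must be given as -J-D system properties; the LDAP server and
# search settings come from the properties file written above, so the search
# password does not appear on the command line.
# usage: member_start_cmd DIR LOCATOR CLIENT_PORT USER PASSWORD TRUSTSTORE STOREPASS
member_start_cmd() {
    printf 'sqlf server start -dir=%s -locators=%s -client-port=%s -auth-provider=LDAP -user=%s -password=%s -J-Djavax.net.ssl.trustStore=%s -J-Djavax.net.ssl.trustStorePassword=%s\n' \
        "$1" "$2" "$3" "$4" "$5" "$6" "$7"
}
```

Running write_ldap_props with ldap://server:389/ fails closed and writes nothing; with ldaps://server:636/ it produces an owner-only sqlfire.properties holding the four sqlfire.auth-ldap-* properties, which can then be copied to each member. The member's own -user and -password are still on the command line here; omit -password to have the member prompt for it instead.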