Configure Security for Cache Cluster
This feature is only available in NCache Enterprise Edition.
To configure security for the NCache Manager, you need to provide valid domain information for your LDAP directories: a primary domain, which is mandatory, and a secondary domain, which is optional and provides fault tolerance.
Follow the steps provided below to configure the NCache Manager Security.
Configure Security for NCache Manager
Launch the NCache Manager by browsing to http://localhost:8251 or <server-ip>:8251 on Windows and Linux.
In the right corner, click on to open the NCache Manager Settings.
Provide the valid credentials for your LDAP directory, such as the name of the Domain Controller, Port, Secondary Domain Controller (optional), Port, Use SSL Port, and Search Base.
Click on Verify. If settings are verified, you will be prompted with a success message. Click on Save.
If node level security is enabled, you will not be able to add security on any cache containing that node unless you provide that node's admin credentials.
Configure Cache Level Security
After you have created a cache, API level security for the cache cluster can be configured in the following ways:
Using the NCache Manager
In the left navigation bar, click on Clustered Caches or Local Caches, based on the cache to configure.
Against the cache name, click on View Details.
- This opens the detailed configuration page for the cache. Go to the Advanced Settings tab and click on Security and Encryption in the left bar.
- Click on Save Changes to apply the configurations to the cache.
- This adds security for the respective cache, which is also saved in config.ncconf under the <security> tag.
The Add-CacheSecurity cmdlet configures cache level security.
To enable security for the first time, there must be at least one user in the administrator's list. To add a user for the first time, local admin credentials are used.
The following command enables cache security against user john_smith for demoClusteredCache where the primary domain controller is yourprimarydomain.
Add-CacheSecurity -EnableSecurity -UserID john_smith -Password mypassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 22.214.171.124 -Name demoClusteredCache
The following command lets you add more users to the secured users list on the node 126.96.36.199 having yourprimarydomain.
Add-CacheSecurity -AddUser -UserID john_smith -Password mypassword -NewUser david_watson -NewUserDN "CN=David Watson, OU=admin, DC=yourdomain, DC=org" -NewUserPassword userpassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 188.8.131.52 -Name demoClusteredCache
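The two Add-CacheSecurity steps above combined into one script, as an added example (not NCache's own code). It prompts for passwords instead of typing them on the command line, where they would land in shell history, and confirms that the domain controller answers before changing anything. It assumes -Password and -NewUserPassword accept plain strings, as the commands above suggest; `<server-ip>` and the domain names are placeholders.

```powershell
# Added example. Names below are the placeholders used on this page.
$cache  = 'demoClusteredCache'
$server = '<server-ip>'            # cache server node; replace with your own
$ldap   = 'yourprimarydomain'
$port   = 389

# Prompt for secrets so they never appear in command history or script files.
$admin   = Get-Credential -UserName 'john_smith'   -Message 'Cache administrator'
$newUser = Get-Credential -UserName 'david_watson' -Message 'User to add to the secured list'

# Check that the primary domain controller is reachable on the LDAP port
# before touching the cache, so a typo does not leave security half-configured.
$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $reachable = $tcp.ConnectAsync($ldap, $port).Wait(3000)   # 3 second timeout
} catch {
    $reachable = $false
} finally {
    $tcp.Dispose()
}
if (-not $reachable) {
    throw "Cannot reach LDAP host ${ldap}:$port; cache security was not changed."
}

# Parameters shared by both calls; splatting keeps the two commands consistent.
$common = @{
    UserID          = $admin.UserName
    Password        = $admin.GetNetworkCredential().Password  # assumption: cmdlet takes a string
    PrimaryLdap     = $ldap
    PrimaryLdapPort = $port
    Server          = $server
    Name            = $cache
}

# Step 1: enable security with the first administrator.
Add-CacheSecurity -EnableSecurity @common

# Step 2: add a further user to the secured users list.
Add-CacheSecurity -AddUser @common `
    -NewUser $newUser.UserName `
    -NewUserDN 'CN=David Watson, OU=admin, DC=yourdomain, DC=org' `
    -NewUserPassword $newUser.GetNetworkCredential().Password
```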
Using Cache Config File
You can add cache level security using the config.ncconf file shipped at %NCHOME%/config. Populate the security section in this file with the LDAP host and admin information as follows:
<ldap host="yourprimarydomain" port="389"/>
<ldap-secondary host="yoursecondarydomain" port="389"/>
<user id="john_smith" dn="CN=John Smith, OU=admin, DC=yourdomain, DC=org"/>