This feature is only available in NCache Enterprise Edition.
NCache offers LDAP-integrated security to secure cache nodes. Once a node is secured, two access levels are defined on that node: one covers management operations along with other cache operations, while the other is limited to cache API access. To configure security, administrators need to set up LDAP, including domain controller information, search base details, and user credentials for verification.
All the caches on a secured node are automatically secured.
User/Group refers to an authorized individual or multiple individuals represented by one category. For example, User John Smith is part of the Employee Group.
To get the complete benefits of these access levels, NCache supports two types of users: Node Administrators (Users/Groups) and Cache Users (Users/Groups). Node Administrators are Super-Users and have complete control over the cache: they can create, modify, and remove caches and perform any other cache management operations. Node Administrators can save or discard security configurations if previously established. They also inherit the capabilities of Cache Users to access and interact with caches using the NCache API.
However, if you want to limit some users to cache API access only and don't want them to perform any management operations, configuring a Cache User is your go-to option. A Cache User is restricted to data operations, including Add, Remove, Update and Retrieve, through the relevant APIs only.
If you don't want to define different access levels for your users and want to allow all of them to perform all types of operations on the cache, there is no need to configure a Cache User, as your Node Administrators have all the rights to manage and operate the cache.
Please note that every participating node in a cluster should be registered with LDAP regardless of the nature of the User/Group role.
After establishing security settings for one node, you need to ensure that all the nodes in that cluster have the same security settings. A User/Group acting as Node Administrator on one node should be an administrator on all the other nodes in that cluster. Similarly, a User/Group acting as Cache User on one node should be a Cache User on the rest of the nodes.
If homogeneous security settings are not ensured on all nodes of a cluster, you can encounter different issues while managing and operating the cache.
A secured node as the first node in a cache cluster should prevent the addition of vulnerable nodes.
A vulnerable node as the first node in a cache cluster shall prevent the addition of secured nodes.
Please note that Credential Caching is enabled by default on a secured node.
When a registered LDAP user/group is added to NCache, a validation check always runs through the domain controller to verify whether this user/group is registered with the domain. If the connection with the domain controller breaks, validation fails and the user cannot perform any operation, affecting the application's performance.
To avoid this, NCache offers Credential Caching where the group's/user's credentials are stored in NCache. After this, upon every verification, the validation check will run through the Cached Credentials instead of verifying them from the domain controller.
Once the credentials are cached, every future verification will be done via these cached credentials. The following tag is used in the Service config file for Credential Caching:
The tag is True by default, but if a user wants to disable Credential Caching, they can simply set it to False in the Service config file.