Configure Security for Cache Cluster
This feature is only available in NCache Enterprise Edition.
To configure security for NCache Web Manager, you need to provide valid domain information for your LDAP directories (the primary domain is mandatory; the secondary is optional and provides fault tolerance).
Follow the steps provided below to configure Web Manager security.
Configure Security for Web Manager
Launch NCache Web Manager by browsing to http://localhost:8251 or <server-ip>:8251 on Windows and Linux.
In the right corner, click on to open Manager Settings.
From the left bar, click on Manager Security.
Provide valid credentials for your LDAP directory, such as the name of the Domain Controller, Secondary Domain Controller (optional), Search Base, Port (optional), User Name, User DN and Password.
Click on Verify Settings. If the settings are verified, you will be prompted with a success message. Click on Apply.
If node level security is enabled, you will not be able to add security on any cache containing that node unless you provide that node's admin credentials.
Configure Cache Level Security
After you have created a cache, API level security for the cache cluster can be configured in the following ways:
Using NCache Web Manager
In the left navigation bar, click on Clustered Caches or Local Caches, based on the cache to configure.
Against the cache name, click on View Details.
This opens up the detailed configuration page for the cache. Go to the Advanced Settings tab and click on Security and Encryption in the left bar.
Under Security, check the box Enable Security.
Expand the Domain Users list, which displays all users under the search base you entered previously. Select the respective users from Domain Users by clicking on the > button.
Click on Save Changes to apply the configuration to the cache.
This adds security for the respective cache, which is also saved in config.ncconf under the <security> tag.
The Add-CacheSecurity cmdlet configures server cache level security.
To enable security for the first time, there must be at least one user in the administrator's list. To add a user for the first time, local admin credentials are used.
The following command enables cache security against user john_smith for demoClusteredCache where the primary domain controller is yourprimarydomain.
Add-CacheSecurity -EnableSecurity -UserID john_smith -Password mypassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 220.127.116.11 -Name demoClusteredCache
The following command lets you add more users to the secured users list on the node 18.104.22.168 having yourprimarydomain as the primary LDAP controller.
Add-CacheSecurity -AddUser -UserID john_smith -Password mypassword -NewUser david_watson -NewUserDN "CN=David Watson,OU=admin,DC=yourdomain,DC=org" -NewUserPassword userpassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 22.214.171.124 -Name demoClusteredCache
Using Cache Config File
You can add cache level security using the config.ncconf file shipped at %NCHOME%/config. Populate the security section in this file with the LDAP host and admin information as follows:
<security enable-security="True">
  <ldap host="yourprimarydomain" port="389"/>
  <ldap-secondary host="yoursecondarydomain" port="389"/>
  <user id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
</security>
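A hand-edited security section can be checked before it is deployed. The following audit is an added example, not NCache code: it flags caches whose <security> section is missing, disabled, or lacks an LDAP host, a secondary host, or a user with both id and DN. The cache-config wrapper, the cache-name attribute and the sample caches are assumptions constructed for illustration; only the <security> layout comes from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the wrapper elements and cache-name attribute are assumed.
SAMPLE = """
<configuration>
  <cache-config cache-name="demoClusteredCache">
    <security enable-security="True">
      <ldap host="yourprimarydomain" port="389"/>
      <ldap-secondary host="yoursecondarydomain" port="389"/>
      <user id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
    </security>
  </cache-config>
  <cache-config cache-name="demoLocalCache">
    <security enable-security="False">
      <ldap host="yourprimarydomain" port="389"/>
      <user id="david_watson" dn=""/>
    </security>
  </cache-config>
  <cache-config cache-name="demoUnsecuredCache"/>
</configuration>
"""

def audit_security(sec):
    """Return findings for one <security> element (None means it is missing)."""
    if sec is None:
        return ["no <security> section"]
    findings = []
    if sec.get("enable-security", "").lower() != "true":
        findings.append("security disabled")
    ldap = sec.find("ldap")
    if ldap is None or not ldap.get("host"):
        findings.append("no primary LDAP host")
    if sec.find("ldap-secondary") is None:
        findings.append("no secondary LDAP host")  # optional, but no failover
    if sec.find("user") is None:
        findings.append("no user listed")
    for u in sec.findall("user"):
        if not u.get("id") or not u.get("dn"):
            findings.append("user %r lacks id or dn" % u.get("id"))
    return findings

def audit_config(xml_text, cache_tag="cache-config", name_attr="cache-name"):
    """Map each cache name to its findings; an empty list means nothing flagged."""
    root = ET.fromstring(xml_text)
    return {c.get(name_attr): audit_security(c.find("security"))
            for c in root.iter(cache_tag)}

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

Pass cache_tag and name_attr to match the element and attribute names in your own config.ncconf.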