This sample demonstrates the use of StreamBase LDAP authentication with Active Directory. That is, it limits access to certain StreamBase commands, such as sbc dequeue, to users who can provide authentication credentials associated with one of the StreamBase roles.
Unlike the samples that focus on StreamBase operators, where the *.sbapp file contains specific data processing features, the LDAP Authentication sample is focused on configuration steps. It allows you to observe what happens at runtime when different types of StreamBase commands are attempted.
The LDAP Authentication sample consists of:
A StreamBase application,
A corresponding configuration file,
ldap-authentication.sbconf, to run the app. Comments in the file indicate where site-specific modifications are required.
adduser.bat, to add two users and two groups, one each for StreamBase testing and administration, to Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account.
deleteuser.bat, to remove the users and groups added by
adduser.batfrom Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account.
While you can examine
ldap-authentication.sbapp in StreamBase Studio, note that the point of this sample is not the application diagram itself, but instead to illustrate
that, when LDAP authentication is enabled, users must provide valid credentials in order to run StreamBase commands such as
sbc, sbfeedsim, and sbadmin.
Although you can open this sample's application files in StreamBase Studio to study how the application is assembled, this sample is designed to be run in Windows command prompt windows.Be sure to use the StreamBase Command Prompt from the Start menu as described in the Test/Debug Guide, not a standard command prompt.
To run this sample:
deleteuser.batwith your site-specific settings.
Open three StreamBase Command Prompts on Windows. In each window, navigate to the directory where the sample is installed, or to your workspace copy of the sample, as described above.
adduser.bat. This script adds the test and adminstrative users,
sbmanager, respectively, the corresponding groups,
SBAdmin, and adds each user to its corresponding group in Active Directory.
In window 1, start StreamBase Server with this command:
sbd -f ldap-authentication.sbconf ldap-authentication.sbapp
In window 2, dequeue from the output stream
OutputStreamwith the following command:
sbc -u "sb://localhost;user=sbtest;password=sbtest" dequeue OutputStream
In window 3, enqueue to the input stream
InputStreamwith the following command:
echo "This is a test" | sbc -u "sb://localhost;user=sbtest;password=sbtest" enqueue InputStream
In window 2, look for the tuple enqueued in window 3
Next, try to shut down the server without credentials. In window 3, type:
Without credentials, the server refuses the shutdown request:
sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: STATUS, user: null
Now try to shut down the server with the credentials for the sbtest user:
sbadmin -u "sb://localhost;user=sbtest;password=sbtest" shutdown
Server shutdown is restricted to users with the SBAdmin role, so this command also fails:
sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: SHUTDOWN, user: sbtest
Finally, shut down the server with the credentials for an administrative user:
sbadmin -u "sb://localhost:10000;user=sbmanager;password=sbmanager" shutdown
This time, the command succeeds. Look for a
StreamBaseServer shut downmessage in window 1.
deleteuser.batto delete the users and groups added to Active Directory by
In StreamBase Studio, import this sample with the following steps:
From the top menu, select→ .
Select this sample from the Applications list.
StreamBase Studio creates a project for the sample.
When you load the sample into StreamBase Studio, Studio copies the sample project's files to your Studio workspace, which is normally part of your home directory, with full access rights.
Load this sample in StreamBase Studio, and thereafter use the Studio workspace copy of the sample to run and test it, even when running from the command prompt.
Using the workspace copy of the sample avoids permission problems. The default workspace location for this sample is:
See Default Installation Directories for the location of
studio-workspace on your system.