Contents
This sample demonstrates the use of StreamBase LDAP authentication with Active Directory. That is, it limits access to certain StreamBase commands, such as sbc dequeue, to users who can provide authentication credentials associated with one of the StreamBase roles.
Unlike the samples that focus on StreamBase operators, where the *.sbapp file contains specific data processing features, the LDAP Authentication sample is focused on configuration steps. It allows you to observe what happens at runtime when different types of StreamBase commands are attempted.
For more information, see the Using StreamBase Server Simple Authentication topic in the Administration Guide.
The LDAP Authentication sample consists of:
-
A StreamBase application,
ldap-authentication.sbapp
. -
A corresponding configuration file,
ldap-authentication.sbconf
, to run the app. Comments in the file indicate where site-specific modifications are required. -
A script,
adduser.bat
, to add two users and two groups, one each for StreamBase testing and administration, to Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account. -
A script,
deleteuser.bat
, to remove the users and groups added byadduser.bat
from Active Directory. Comments in the script indicate where site-specific modifications are required. This script is intended to be run on the Active Directory machine from a suitably privileged account.
Note
While you can examine ldap-authentication.sbapp
in StreamBase Studio, note that the point of this sample is not the application diagram itself, but instead to illustrate
that, when LDAP authentication is enabled, users must provide valid credentials in order to run StreamBase commands such as
sbc, sbfeedsim, and sbadmin.
Although you can open this sample's application files in StreamBase Studio to study how the application is assembled, this sample is designed to be run in Windows command prompt windows.Be sure to use the StreamBase Command Prompt from the Start menu as described in the Test/Debug Guide, not a standard command prompt.
To run this sample:
-
Modify
ldap-authentication.sbconf
,adduser.bat
, anddeleteuser.bat
with your site-specific settings. -
Open three StreamBase Command Prompts on Windows. In each window, navigate to the directory where the sample is installed, or to your workspace copy of the sample, as described above.
-
Run
adduser.bat
. This script adds the test and adminstrative users,sbtest
andsbmanager
, respectively, the corresponding groups,SBUser
andSBAdmin
, and adds each user to its corresponding group in Active Directory. -
In window 1, start StreamBase Server with this command:
sbd -f ldap-authentication.sbconf ldap-authentication.sbapp
-
In window 2, dequeue from the output stream
OutputStream
with the following command:sbc -u "sb://localhost;user=sbtest;password=sbtest" dequeue OutputStream
-
In window 3, enqueue to the input stream
InputStream
with the following command:echo "This is a test" | sbc -u "sb://localhost;user=sbtest;password=sbtest" enqueue InputStream
In window 2, look for the tuple enqueued in window 3
-
Next, try to shut down the server without credentials. In window 3, type:
sbadmin shutdown
Without credentials, the server refuses the shutdown request:
sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: STATUS, user: null
-
Now try to shut down the server with the credentials for the sbtest user:
sbadmin -u "sb://localhost;user=sbtest;password=sbtest" shutdown
Server shutdown is restricted to users with the SBAdmin role, so this command also fails:
sbadmin: sb://localhost:10000/: AuthenticationException: Authentication failure. Method: SHUTDOWN, user: sbtest
-
Finally, shut down the server with the credentials for an administrative user:
sbadmin -u "sb://localhost:10000;user=sbmanager;password=sbmanager" shutdown
This time, the command succeeds. Look for a
StreamBaseServer shut down
message in window 1. -
Run
deleteuser.bat
to delete the users and groups added to Active Directory byadduser.bat
.
In StreamBase Studio, import this sample with the following steps:
-
From the top menu, select
→ . -
Select this sample from the Applications list.
-
Click OK.
StreamBase Studio creates a project for the sample.
When you load the sample into StreamBase Studio, Studio copies the sample project's files to your Studio workspace, which is normally part of your home directory, with full access rights.
Important
Load this sample in StreamBase Studio, and thereafter use the Studio workspace copy of the sample to run and test it, even when running from the command prompt.
Using the workspace copy of the sample avoids permission problems. The default workspace location for this sample is:
studio-workspace
/sample_ldap-authentication
See Default Installation Directories for the default location of studio-workspace
on your system.
In the default TIBCO StreamBase installation, this sample's files are initially installed in:
streambase-install-dir
/sample/ldap-authentication
See Default Installation Directories for the default location of studio-workspace
on your system.