You can use the authentication provided by Datameer or use a remote authentication system such as LDAP or Active Directory.
To use remote authentication, you might need to write a plug-in. There is a plug-in tutorial available. See the Developer's Guide for details. If a plug-in already exists, you might be able to configure it from the Admin tab by selecting Plug-in in the left column. If the plug-in can be configured, there is a Configure link available. The options available are determined by the person who wrote the plug-in.
When you use internal authentication, you are authenticating against the list of users and groups that you set up with the Admin tab.
Whether authenticating using the user interface or through REST, the default login security gives each user name three attempts. A CAPTCHA on Datameer's user interface login screen is required for each additional attempt after three unsuccessful attempts by a user to authenticate. The
failed.login.attempts.max=3 property value can be updated in the
default.properties. The CAPTCHA security feature can be disabled by setting the login attempts to "0".
Configuring LDAP/Active Directory authentication
To set up authentication:
- Click the Admin tab at the top of the page.
- Click the Authentication tab in the left column.
- Click Edit and click Remote Authentication System. Choose the authentication system and click Next.
- Provide the server information including the username and password Datameer uses to connect.
Update the field to enable paged results when a large amount of records (1000+) are being processed. The page size sets the amount of results per page.
- Click Query Options to set up additional filters and attributes such as user definition, email attribute, and others.
- Specify which groups to include or exclude.
- Click Save.
After saving changes to LDAP, the authentication screen allows the administrator to edit the specifications, set a cache refresh interval, or manually select to rebuild the cache by clicking Rebuild Cache.
Roles are solely maintained by Datameer. In Datameer, two (ADMIN, ANALYST) roles set as default with the option of customizing roles for users.
There is an option to activate a superuser account in your Datameer distribution. This account is a security measure for Datameer system administrators to correct misconfigurations (e.g., external authentication services not functioning) within Datameer if they are unable to do so with another account. This user is only designed to modify configurations in Datameer and is not suitable to be treated as a normal user who owns and runs Datameer jobs.
This superuser account is not enabled by default. To enable the superuser account, change the property
das.superuser.enabled= to the value "
true" in <Datameer install folder>/conf/default.properites. Save the file and restart Datameer.
If you want to disable security in Datameer, set the property
false in file
<Datameer install location>/conf/live.properties.
If you do this everyone has access to your system! Doing this only makes sense if you are working behind a firewall or in a secured environment.