Figure 8-20. Creating an ACE in the Java Admin Client
Realms
As previously mentioned, the Security Manager in eXist permits pluggable modules
that provide an authentication realm to the system. eXist comes with a default
built-in internal realm that authenticates users and groups whose details are stored
in a set of protected XML documents in the database.
In addition to the built-in internal realm, some more complex realm modules are
available; these allow integration with authentication systems external to eXist. Each
module is expected to provide a single authentication realm. You enable the
configuration of these modules by modifying the following document in the database:
/db/system/security/config.xml. When multiple realms are configured, eXist will always
consult its internal realm first, and then each additional realm in the order in which
they are configured in the config.xml document. eXist's internal realm cannot be
disabled, as it is required for the correct functioning of the system; however, you need
not keep any user accounts in it apart from the built-in accounts of SYSTEM, admin,
and guest that ship with eXist.
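The following added example (not code from the book or from eXist) audits an exported copy of config.xml: it lists the order in which realms are consulted, flags realm ids that appear more than once, and reports internal-realm accounts beyond the built-in three. The XML layout, the namespace, the realm ids and the account list are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /db/system/security/config.xml. The element names,
# namespace and realm ids are assumptions for illustration; compare them
# with the config.xml in your own database.
SAMPLE_CONFIG = """\
<security-manager xmlns="http://exist-db.org/Configuration">
    <realm id="LDAP">
        <context><url>ldap://directory.example.org:389</url></context>
    </realm>
    <realm id="EXAMPLE-SSO"/>
</security-manager>
"""

# Built-in accounts named in the text; anything else held in the internal
# realm is a local credential that is checked before any external realm.
BUILTIN_ACCOUNTS = {"SYSTEM", "admin", "guest"}


def realm_order(config_xml):
    """Return (consultation order, duplicated realm ids)."""
    root = ET.fromstring(config_xml)
    # iter() walks in document order, which is the order realms are configured in.
    ids = [el.get("id", "<no id>") for el in root.iter()
           if el.tag.rsplit("}", 1)[-1] == "realm"]
    duplicates = sorted({i for i in ids if ids.count(i) > 1})
    # The internal realm cannot be disabled, so it always comes first.
    return ["internal"] + ids, duplicates


def extra_internal_accounts(internal_account_names):
    """Accounts in the internal realm beyond the built-in ones."""
    return sorted(set(internal_account_names) - BUILTIN_ACCOUNTS)


if __name__ == "__main__":
    order, duplicates = realm_order(SAMPLE_CONFIG)
    print("consultation order:", " -> ".join(order))
    print("duplicated realm ids:", duplicates or "none")
    # Constructed list standing in for an export of internal account names.
    print("review:", extra_internal_accounts(["SYSTEM", "admin", "guest", "jsmith"]))
```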
LDAP Realm Module
The Lightweight Directory Access Protocol (LDAP) realm module allows you to
authenticate users of eXist against an LDAP directory. While traditionally LDAP was
used in larger organizations for centralized user management, Microsoft's Active
Directory (AD) technology (among other technologies) is built upon it.
The LDAP module in eXist is very flexible and can be configured to authenticate
against almost any LDAP directory server, including domain controllers within a
Microsoft Active Directory domain configuration. The LDAP module is shipped with
 