Security Config (security.ncconf)

Every server node keeps security information for operations that require administrative privileges. Alachisoft.NCache.Security.dll at the server node and it is required to provide node-level security services to all users, security.ncconf allows users to manage node-level security.

NCache uses pure LDAP Service for the authentication of users. This config file specifies the LDAP path for distributed directory information services over an IP network. The user should exist under a given domain in LDAP. For more information, see Lightweight Directory Access Protocol.

Note

You will find security.ncconf at %NCHOME%\config in Windows or /opt/ncache/config in Linux.

Security Config Syntax

The security configuration file is explained below.

<cache-security enabled="True">
    <ldap host="yourprimarydomain" port="389"/>
    <ldap-secondary host="yoursecondarydomain" port="389"/>
    <administrators>
        <group id="Engineers" dn="CN=Engineers,OU=DiyatechStaff,DC=diyatech,DC=org,DC=pk"/>
    </administrators>
</cache-security>

Understanding the Cache Config Tags

The following section explains the tags mentioned as part of the file syntax.

<cache-security>

This tag specifies whether cache security is enabled.

<cache-security enabled="True">
  • enabled: Determines if security is enabled or not (True/False). The default value is False.

<ldap>

This tag keeps information about the primary domain controller for your applications.

<ldap host="yourprimarydomain" port="389"/>

  • host: Specifies the name/IP of the primary domain controller for the users.

  • port: Specifies the port on which the primary domain controller is running.

<ldap-secondary>

This tag specifies the information about the secondary domain controller for your application.

<ldap-secondary host="yoursecondarydomain" port="389"/>

  • host: Specifies the name/IP of the secondary domain controller for the users.

  • port: Specifies the port on which the secondary domain controller is running.

<administrators>

This tag keeps a list of users having rights on all node-based and API-based operations.

<administrators>
    <group id="Engineers" dn="CN=Engineers,OU=DiyatechStaff,DC=diyatech,DC=org,DC=pk"/>
</administrators>

<group>

This sub tag identifies the groups and their organizational and domain level details.

<group id="Engineers" dn="CN=Engineers,OU=DiyatechStaff,DC=diyatech,DC=org,DC=pk"/>

  • id: Specifies the Users or Groups on which we want to configure the settings.

  • dn: Specifies the base DN (Distinguished Name) for searching LDAP entries and narrowing the search scope within the LDAP directory.

    • CN: Specifies the name of the Users or Groups.

    • OU: Specifies the organizational unit of the Users or Groups mentioned above.

    • DC: Specifies the Domain Controllers for the above Users or Groups.

See Also

Cache Config
Client-side Configurations
Bridge Config
Client-side Configurations