Chapter 44. How to add a database login for a client

Prev	Part III. OGSA-DAI for deployers	Next

For some data resources e.g. relational and XMLDB data resources, you need to setup database usernames and passwords. The client will not provide their own, rather they will provide some form of credential, attributes or distinguished name. Here are a couple of examples of credentials:

/C=US/O=Music/OU=Band/L=Bangles/CN=susanna hoffs

OU=Tester, O=EPCC, EMAILADDRESS=shoffs@bangles.com, C=Testland, ST=Test, CN=test.ogsadai.org.uk

Each credential can map to exactly one username and password for a specific resource.

If you are not using security then the client will not provide a credential. You will still need to define a username and password though. We include a default option for such cases.

Mappings can be added using the permit command. This takes the following arguments:

dai.resource.id - ID of the data resource for which the mapping is to be added.
dai.dn - distinguished name specifying the mapping to be added. If omitted the default of ANY is used.

Note
If you are not using security them either omit this option or use the value ANY.

Note
In the server's logins file this corresponds to the wild-card *.
dai.user - username compliant with the database exposed by the data resource whose ID is the value of dai.resource.id
dai.password - password associated with the above username.

If using Tomcat, run:

$ ant -Dtomcat.dir=$CATALINA_HOME -Ddai.resource.id=RESOURCE-ID \
 -Ddai.dn=DN -Ddai.user=USER -Ddai.password=PASSWORD permit

For example

$ ant -Dtomcat.dir=$CATALINA_HOME -Ddai.resource.id=MyJDBCResource \
 -Ddai.dn="/C=US/O=Music/OU=Band/L=Bangles/CN=susanna hoffs" \
 -Ddai.user=someDBUser -Ddai.password=123xyz456 permit

If using the Globus Toolkit container, run:

$ ant -Dgt.dir=$GLOBUS_LOCATION -Ddai.resource.id=RESOURCE-ID \
 -Ddai.dn=DN -Ddai.user=USER -Ddai.password=PASSWORD -Ddai.target.gt=true permit

	Note
	Note that this takes an argument, `dai.target.gt` which has value `true`. This is so the command knows that the Globus Toolkit container and not Tomcat is being used.

For example

$ ant -Dgt.dir=$GLOBUS_LOCATION -Ddai.resource.id=MyJDBCResource \
 -Ddai.dn="/C=US/O=Music/OU=Band/L=Bangles/CN=susanna hoffs" \
 -Ddai.user=someDBUser -Ddai.password=123xyz456 -Ddai.target.gt=true permit

This command updates the OGSA-DAI server's logins file. The server's logins file is located in:

$CATALINA_HOME/webapps/wsrf/WEB-INF/etc/dai/logins.txt

if using Tomcat.

$GLOBUS_LOCATION/etc/dai/logins.txt

if using Globus Toolkit container.

The changes will take immediate effect without the need to restart the server.

	Tip
	As an alternative to specifying the arguments at the command-line you could use an ANT property file - see the FAQ Section N.3, “How can I avoid specifing lots of properties for ANT targets at the command-line?”.

Prev	Up	Next
Chapter 43. How to deploy an XMLDB resource	Home	Chapter 45. How to remove a database login for a client

	Note
	If you are not using security them either omit this option or use the value `ANY`.

	Note
	In the server's logins file this corresponds to the wild-card `*`.