Relativity Server Concepts
From RemObjects Wiki
This is a Data Abstract Relativity Server topic
NOTE: This article is a work in progress and not finished yet.
Unless you are the author, please do not make changes to, or rely yet on, the information presented in this article.
Concepts
A Relativity instance can be accessed via the default channel or a custom channel.
Default channel
The default Relativity channel accepts both plain Http and SuperHttp (starting from the Spring 2012 release) connections. It listens on port 7099 by default.
Custom channel
A server channel configured via the Relativity AdminTool. By default, the custom channel is configured as a simple Http channel listening on port 7100 and using Bin message.
The custom channel can be configured as one of these channel types:
- Http (simple Http channel)
- SuperHttp (SuperHttpServer channel)
- HttpSys (simple Http channel that uses IIS to retrieve requests; Windows only)
- SuperHttpSys (SuperHttp channel that uses IIS to retrieve requests; Windows only)
- Tcp (simple Tcp-based channel)
- SuperTcp (SuperTcp channel)
- NamedPipe (Named Pipes-based server channel; Windows only and local network.)
The Super channels have some overhead, but provide more functionality (e.g. push notifications) than the simple alternatives. If you don't need those features, the simple channels have less overhead.
If you point the Default and Custom channels at the same port, the Custom channel will be disabled.
Each Relativity server exposes 3 services: AdminService (registered in ZeroConf environment as Relativity_AdminService), LoginService and DataService (registered in ZeroConf environment as Relativity_DataService).
All schemas with available connections served by Relativity are grouped into Domains.
Domain
One or more schemas sharing common DataService settings (such as AllowDataAccess, AllowDynamicSelect, etc.), a connection list, a data streamer type and a login provider (see below).
Domain settings available:
- Domain name
- AllowDataAccess
- AllowDynamicSelect
- AllowDynamicWhere
- AllowExecuteCommands
- AllowExecuteSQL
- AllowUpdates
- ProcessAllDeltas
Connection manager settings available:
- Enable DataAbstract connection pooling
- Enable ADO.NET connection pooling
- Set connection pool size (default is 0, which means connection pool of infinite size)
DataStreamer types available:
- Bin2DataStreamer (most advanced one, recommended for use)
- BinDataStreamer
- JSON data streamer
Schema
A DataAbstract Schema that is served by Relativity.
If your Domain has more than one connection, set ConnectionName on the statements of the Schema objects. You can specify the connection a given schema should use by setting either the connection name or the connection type.
Connections
Each domain can have one or more connections it sees and manages. The connections are shared by all schemas in the domain. A connection from one domain is not available in another domain.
Login provider
There are three levels of login providers:
- Data Access Login Provider [Per domain] - Gives access to the data - The login used in DataAccessService.
- Developer Login Provider [Per domain] - Allows for schema creation / deleting / editing and retrieving information about the underlying database.
- Admin Login Provider [Per server] - Full access to the entire server. Can create and edit domains.
The Developer Login Provider is a bit more restricted than the Admin Login Provider. All secured data like connection passwords are forbidden for Developer Login, so it cannot create connections. Both the Developer and Admin login providers use the AdminService. The Data Access Login Provider can only access the data.
Component that validates user credentials. Available Login Provider types:
- StaticLoginProvider (uses static list of users, most simple of all)
- DbCommandLoginProvider (uses command defined in one of domain Schemas to validate user credentials)
- DbTableLoginProvider (uses data table defined in one of domain Schemas to validate user credentials)
- LdapLoginProvider (uses LDAP to validate user credentials)
See below for a more detailed description of the available LoginProvider types.
Only StaticLoginProvider and LdapLoginProvider can be used to validate access for the Admin Login Provider.
Security Settings
There are 4 predefined types of Login Providers:
- StaticLoginProvider - uses a static list of users; the simplest of all. Available properties:
  - Users – list of registered users. Each user has these properties:
    - Name
    - Password
    - Security roles (currently used only if the Login Provider is used to validate AdminService access – in this case it holds a ';'-separated list of allowed domains)
- DbCommandLoginProvider - uses a command defined in one of the Domain Schemas to validate user credentials. Available properties:
  - Schema command name – name of a command defined in one of the Domain Schemas. The command should accept 2 'In' parameters (username and password) and return 1 if the provided user credentials are valid and 0 otherwise.
- DbTableLoginProvider - uses a data table defined in one of the Domain Schemas to validate user credentials. Available properties:
  - Schema Table name – name of a table defined in one of the Domain Schemas. To validate the provided credentials, the LoginProvider tries to select a row from this table with the provided username and password.
  - UserName field – name of the field in SchemaTable that holds user names
  - Password field – name of the field in SchemaTable that holds user passwords
  You can find more about this LoginProvider in this article.
- LdapLoginProvider - uses LDAP to validate user credentials. The most advanced and complex LoginProvider of all. Available properties:
| Property | Description |
|---|---|
| LDAP Server hostname | Name or IP address of the LDAP server |
| LDAP Server port | Port the LDAP server listens on. Default value of this property is 389. |
| Use SSL | Defines whether an SSL-protected connection should be used to communicate with the LDAP server. By default this option is turned off. |
| Path to SSL Certificate file | Name of the file containing the SSL certificate. This property is used only when the Use SSL property is set to true. |
| LDAP Login DN | Distinguished Name used to connect to the LDAP server, for example uid=ldapuser,ou=internal,dc=myserver,dc=com |
| LDAP Login Password | Password used to connect to the LDAP server |
| User Search Base DN | Distinguished Name of the LDAP node that contains user LDAP entities, for example ou=users,dc=myserver,dc=com |
| User Group name | Defines the name of the LDAP group all LDAP users should belong to. When this property is set to a non-empty value, a user has to be a member of the LDAP group with the corresponding name to be able to successfully log on. Default value of this parameter is an empty string. |
| User Filter | Expression used to find user LDAP entities. Default value of this parameter is (objectClass=inetOrgPerson). |
| User Field Id | Name of the LDAP field that is used as the user name. Default value of this parameter is uid. |
| Group Search Base DN | Distinguished Name of the LDAP node that contains user groups, for example ou=groups,dc=myserver,dc=com |
| Group Filter | Expression used to find user group LDAP entities. Default value of this parameter is (objectClass=groupOfNames). |
| Name of Group with root access | When a user who logs in belongs to the LDAP group with the provided name, that user is granted full administrative access. Default value of this parameter is root. |
| Group Field Id | Name of the LDAP field that is used as the group name. Default value of this parameter is cn. |
| Group Field Member | Name of the LDAP field that contains links to LDAP users. Default value of this parameter is member. |
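The following added example (not Relativity's own code, and not taken from this page) sketches how the LdapLoginProvider properties in the table would typically combine into LDAP search filters and an access decision, with the user-supplied name escaped per RFC 4515. The dictionary keys, function names and the order of the group checks are assumptions made for illustration.

```python
# Added illustration, not Relativity's implementation. Keys and function names
# are hypothetical; default values are the ones listed in the table above.
DEFAULTS = {
    "user_filter": "(objectClass=inetOrgPerson)",   # User Filter
    "user_field_id": "uid",                         # User Field Id
    "group_filter": "(objectClass=groupOfNames)",   # Group Filter
    "group_field_id": "cn",                         # Group Field Id
    "group_field_member": "member",                 # Group Field Member
    "user_group": "",                               # User Group name (empty: no restriction)
    "root_group": "root",                           # Name of Group with root access
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)

def user_search_filter(cfg, username):
    """Filter that finds the entry for `username` under User Search Base DN."""
    return "(&%s(%s=%s))" % (cfg["user_filter"], cfg["user_field_id"],
                             escape_filter_value(username))

def group_member_filter(cfg, group_name, user_dn):
    """Filter that matches `group_name` only if it lists `user_dn` as a member."""
    return "(&%s(%s=%s)(%s=%s))" % (
        cfg["group_filter"], cfg["group_field_id"], escape_filter_value(group_name),
        cfg["group_field_member"], escape_filter_value(user_dn))

def access_level(cfg, groups_of_user):
    """Return 'denied', 'user' or 'admin' from the names of the user's groups.
    Assumption: the User Group check is applied before the root-group check."""
    if cfg["user_group"] and cfg["user_group"] not in groups_of_user:
        return "denied"
    return "admin" if cfg["root_group"] in groups_of_user else "user"

if __name__ == "__main__":
    cfg = dict(DEFAULTS, user_group="relativity-users")  # constructed sample value
    print(user_search_filter(cfg, "alice"))
    print(user_search_filter(cfg, "al*ce)(x"))  # filter metacharacters are escaped
    print(group_member_filter(cfg, "root", "uid=alice,ou=users,dc=myserver,dc=com"))
    print(access_level(cfg, {"relativity-users", "root"}))
```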