If you have users that should absolutely be able to get a license at all times, use white, black, and priority lists to configure their access. Floating License Server administrator can use username, hostname and other parameters to restrict user access to licenses.
To configure user restrictions, create a access-config.json file containing access rules:
Then, tell FLS to use it:
Whitelist defines who is allowed to obtain licenses from your instance of FLS.
- Empty Whitelist
- Anyone not on the blacklist.
- Non-empty Whitelist
- Only users from the whitelist.
Blacklist defines who is not allowed to obtain licenses from your instance of FLS.
- Empty Blacklist
- Anyone on the whitelist.
- Non-empty Blacklist
- Only users from the whitelist that are not blacklisted.
Priority list is a separate section, it has the same format as black or whitelist - it must contain either username, or hostname, or both. In the last case, the server will check strict matching for the pair.
The algorithm of licenses requests handling if the access configuration file has the priority section:
If there are available licenses on the server suiting an IDE request and a user is not blacklisted - the IDE gets the ticket subject to standard procedure.
If there are no available licenses but the user is listed in the priority section - the floating server revokes one of the already occupied licenses and will grant it to the prioritized user. By default, the ticket whose "last-seen" is the oldest, will be revoked. This mechanism is not configurable.
LDAP integration is enabled via the configuration file along with other rules:
In this example the first section describes connection parameters and IntelliJ IDEA license will be granted only to users with usernames found in LDAP conf.
Multiple filters are supported:
If the integration is configured correctly during the license server's start there will be output (also in license-server-stdout.log):
In whitelist section there is a product and
"matchCondition" rule. FLS compares the username in the
"obtainLicense" request sent by a product with usernames found in LDAP
- Parameters in access config file for products rules
product- available for black/white/priority lists and for LDAP rules
userName- for non LDAP rules
hostName- for non LDAP rules
buildNumber- available for black/white/priority lists and for LDAP rules (available from build #17768)
ldap- object with parameters to LDAP connect (available from build #17768)
matchCondition- for LDAP rules only.
ip- for non LDAP rules (available from build #18692)
checkLicenseOnly- make the rule's "product" parameter to be checked only against license product name and code, without an additional check of covered products. Value can be
false(available from build #19340)
- Parameters for LDAP integration credentials
Codes and descriptions of licenses types which could be used in
Name of Product/Pack
Example with code
Example with name
All Products Pack
In this case, a user WILL GET a license if:
The hostname is not
Or username is not listed;
Or username is like
Or username is like
Or product is not ReSharper;
Or product is ReSharper but 2017.2 / 2016.1 and so on.
A user WILL NOT GET a license if:
They are among
(username1|username3|katya), but hostname differs;
Or the user asks for anything but ReSharper;
Or for ReSharper but not version release 2017.3
Also, nothing will be available for other users although there is no separate blacklist section.
In this case:
username2- as well as users not listed in any section at all - will not get any license, because priority is given to whitelist rule.
If you need to restrict the access to anybody but
(username3|username4|katya)and allow other users to keep on using other products - you need to remove the whitelist section and add a new one to the blacklist. To match users use regular expressions, etc:"product": "GO 2017.3", "userName": "((?!username3|username4|katya).)*"this rule will reject requests from all users who are not matched by usernames.
In this case,
user2 will get ReSharper only from single ReSharper licenses. Requests for other products from ReSharper Ultimate pack will fail and neither ReSharper Ultimate nor All Products Pack license will be given.