How to restrict participant on connecting to Domain

Bhas · February 5, 2025, 5:27am

Hi, I am new to Canton, and I want to how we can restrict the certain participant on connecting to domain
I have below as the domain.conf and participant1.conf
canton {
domains {
mydomain {
admin-api {
address = “0.0.0.0”
port = 5021
}
public-api {
address = “0.0.0.0”
port = 5022
}
storage = {
type = memory
}
}
}
}

canton {
participants {
participant1 {
admin-api.port = 5011
admin-api.address = “0.0.0.0”
ledger-api {
address = “0.0.0.0”
port = 5012
}
storage = {
type = memory
}
}
}
}

I have 2 more participants.conf file but I want to deny access of participant 3 on connecting to domain when they tries to connect

WallaceKelly · February 5, 2025, 5:01pm

Hi, @Bhas!

Does the Permissioned Synchronization Domains section answer your question?

…sync domains can also be permissioned , where the operator of the sync domain topology managers needs to explicitly add the participant to the allow-list before the participant can register with a sync domain.

Bhas · February 10, 2025, 9:33am

Hi @WallaceKelly
I have added this piece of code in domain.conf but it is giving below error

canton {
  domains {
    mydomain {
      admin-api {
        address = "0.0.0.0"
        port = 5021
      }
      public-api {
        address = "0.0.0.0"
        port = 5022
      }
      storage = {
        type = postgres
        config {
          dataSourceClass = "org.postgresql.ds.PGSimpleDataSource"
          properties = {
            user = "canton"
            password = "canton"
            databaseName = "domain"
            serverName = "postgres"
            portNumber = 5432
          }
        }
      }
    }
  }
  domain-managers.domainManager1.topology.open = false
}

ERROR c.d.c.CantonCommunityApp$ - GENERIC_CONFIG_ERROR(8,0): Cannot convert configuration to a config of class com.digitalasset.canton.config.CantonCommunityConfig. Failures are:
  at 'canton.domain-managers':
    - (/canton/canton-node/domain.conf: 27) Unknown key.
 err-context:{location=CantonConfig.scala:1521}

could you please provide me the template of conf file with all allowed keys

WallaceKelly · February 10, 2025, 4:21pm

@bhas, Can you check the version of Canton you are seeing this error on?

For example, the Permissioned Synchronization Domains feature is only included in the Enterprise edition:

Important
Daml Enterprise license required

Bhas · February 10, 2025, 4:24pm

Oh, Okay got it I was referring to the version 2.7.9, thanks for confirmation.

Topic		Replies	Views
How can a participant connect to 2 different domain? Canton Network canton	6	335	June 9, 2023
Not able to connect to canton domain Questions canton	9	751	April 7, 2021
How to connect participant to a domain running on a remote machine? Questions canton	3	382	November 26, 2021
Is it possible to connect Single Participant node to Multiple Sync domain Questions canton	9	37	February 24, 2025
Changing Domain Connection Config Questions canton	6	288	April 27, 2023

How to restrict participant on connecting to Domain

Related topics