US and Worldwide: +1 (866) 660-7555
Results 1 to 5 of 5

Thread: Pentaho 7 Active Directory Intergration

  1. #1
    Join Date
    Jun 2015
    Posts
    5

    Default Pentaho 7 Active Directory Intergration

    Hi all,
    My environment : Windows server 2008 R2 , pentaho-business-analytics-7.0.0-25-x64 installed .
    I followed instruction here : https://help.pentaho.com/Documentati...d_Security/000
    but it doesn't work, I pass step 7 but seem not pass step 8 & 9 , how do I know if I set it right ?
    Here some information :
    1.jpg
    2.jpg
    3.jpg
    4.jpg
    5.jpg
    Last edited by rocklee44; 05-11-2017 at 06:03 AM.

  2. #2
    Join Date
    Jun 2015
    Posts
    5

    Default

    6.jpg
    7.jpg
    8.jpg
    Please give me some advice.
    Thank you very much.

  3. #3
    Join Date
    Nov 2009
    Posts
    502

    Default

    You are using the EE edition so I asume that you are a Pentaho client . Then you can use the helpdesk of Pentaho

  4. #4
    Join Date
    Jun 2015
    Posts
    5

    Default

    Hi Johan,
    I'm newbie at Pentaho , I don't really understand what mean "EE edition" , where can I use "the helpdesk of Pentaho" ?
    However, I follow a guide at http://ramathoughts.blogspot.com/201...ory-in-10.html and my process has some evolved .
    Here my configuration files
    applicationContext-security-ldap.properties
    contextSource.providerUrl=ldap://192.168.0.3:389
    contextSource.userDn=CN=Pham Huynh Minh Chuong,OU=Users,OU=ICT,OU=SGN,OU=Central Management,DC=itl,DC=com
    contextSource.password=*******

    userSearch.searchBase=OU=Central Management,DC=itl,DC=com
    userSearch.searchFilter=(sAMAccountName={0})

    populator.convertToUpperCase=false
    populator.groupRoleAttribute=cn
    populator.groupSearchBase=OU=Central Management,DC=itl,DC=com
    populator.groupSearchFilter=(member={0})
    populator.rolePrefix=
    populator.searchSubtree=true

    allAuthoritiesSearch.roleAttribute=cn
    allAuthoritiesSearch.searchBase=OU=Central Management,DC=itl,DC=com
    allAuthoritiesSearch.searchFilter=(objectClass=group)

    allUsernamesSearch.usernameAttribute=sAMAccountName
    allUsernamesSearch.searchBase=OU=Central Management,DC=itl,DC=com
    allUsernamesSearch.searchFilter=objectClass=Person

    adminRole=CN=PentahoAdmin,OU=EXO,OU=Central Management,DC=itl,DC=com
    adminUser=sAMAccountName=jack.chuong
    pentaho.xml
    <acl-publisher>
    <!--
    These acls are used when publishing from the file system. Every folder
    gets these ACLS. Authenticated is a "default" role that everyone
    gets when they're authenticated (be sure to setup your bean xml properly
    for this to work).
    -->
    <default-acls>
    <acl-entry role="jack.chuong" acl="FULL_CONTROL" /> <!-- Administrator users get all authorities -->
    <!--acl-entry role="cto" acl="FULL_CONTROL" /--> <!-- CTO gets everything -->
    <acl-entry role="dev" acl="EXECUTE_SUBSCRIBE" /> <!-- Dev gets execute/subscribe -->
    <acl-entry role="Authenticated" acl="EXECUTE" /> <!-- Authenticated users get execute only -->
    </default-acls>
    <!--
    These acls are overrides to specific file/folders. The above default-acls will
    be applied and then these overrides. This allows for specific access controls to
    be loaded when the repository if first populated. Futher changes to acls can be
    made in the platform GUI tool. Uncomment these and change add or delete to your hearts desire -->
    <overrides>
    <file path="/pentaho-solutions/admin">
    <acl-entry role="Administrator" acl="FULL_CONTROL" />
    </file>
    </overrides>
    <!--
    <overrides>
    <file path="/pentaho-solutions/samples/bursting">
    <acl-entry role="Administrator" acl="FULL_CONTROL" />
    <acl-entry role="cto" acl="SUBSCRIBE_ADMINISTRATION" />
    <acl-entry role="dev" acl="EXECUTE_SUBSCRIBE" />
    <acl-entry role="Authenticated" acl="NOTHING" />
    </file>
    <file path="/pentaho-solutions/samples/datasources/MDX_Datasource.xaction">
    <acl-entry role="Administrator" acl="FULL_CONTROL" />
    <acl-entry role="cto" acl="FULL_CONTROL" />
    <acl-entry role="dev" acl="EXECUTE_SUBSCRIBE" />
    <acl-entry role="Authenticated" acl="EXECUTE" />
    </file>
    </overrides>
    -->
    </acl-publisher>
    <acl-voter>
    <!-- What role must someone be in to be an ADMIN of Pentaho -->
    <admin-role>Administrator</admin-role>
    </acl-voter>
    pentaho-spring-beans.xml
    <import resource="pentahoSystemConfig.xml" />
    <import resource="adminPlugins.xml" />
    <import resource="systemListeners.xml" />
    <import resource="repository.spring.xml" />
    <import resource="applicationContext-spring-security.xml" />
    <import resource="applicationContext-spring-security-superuser.xml" />
    <import resource="applicationContext-pentaho-security-superuser.xml" />
    <import resource="applicationContext-common-authorization.xml" />
    <import resource="applicationContext-spring-security-memory.xml" />
    <import resource="applicationContext-pentaho-security-memory.xml" />
    <import resource="applicationContext-spring-security-ldap.xml" />
    <import resource="applicationContext-pentaho-security-ldap.xml" />
    <!--import resource="applicationContext-pentaho-security-jackrabbit.xml" />
    <import resource="applicationContext-spring-security-jackrabbit.xml" /-->
    <import resource="applicationContext-pentaho-security-jdbc.xml" />
    <import resource="applicationContext-spring-security-jdbc.xml" />
    <import resource="pentahoObjects.spring.xml" />
    security.properties
    provider=ldap
    requestParameterAuthenticationEnabled=false

    # This flag indicates whether or not UserDetailsService is called during creation of user's principal.
    # If the service is external (e.g. LDAP or JDBC-based auth is used) then such calls can be expensive.
    # On the other hand, if user has been removed within external service, then it becomes impossible to
    # prevent principal creation when the verification is muted
    skipUserVerificationOnPrincipalCreation=true
    My domain users can login to http://localhost:8080/pentaho/Login , but I cannot do anything with Administration / Users & Roles
    9.jpg
    10.jpg
    How can I make a domain user become Pentaho Administrator with full permission , map all domain users and group to Pentaho so I can grant them permissions ?
    Attached Files Attached Files
    Last edited by rocklee44; 05-12-2017 at 04:22 AM.

  5. #5
    Join Date
    Jun 2015
    Posts
    5

    Default

    I add more configuration files.
    Attached Files Attached Files

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •