US and Worldwide: +1 (866) 660-7555
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Administration Console Not displaying user/role from LDAP

  1. #1

    Post Administration Console Not displaying user/role from LDAP

    I am using Pentaho BI server 3.5. I have successfuly configured Authentication through LDAP (OpenLDAP).

    Users login to the Pentaho User Console via LDAP, but somehow in the Pentaho Administration Console, I don't see the users/groups from LDAP that Pentaho BI server is using. It keeps displaying the default user/groups (joe ....)

    I didn't find anything on the wiki that I should configure to tell the Administration Console that my users aren't in RDB but in LDAP. Have I missed something ?

    Thanks in advance.

    Adrien

  2. #2
    Join Date
    Apr 2008
    Posts
    2,571

    Default

    I have the same issue, but ignore it because all my user (or group) add / change is done by the LDAP tools.

  3. #3

    Default

    Quote Originally Posted by gutlez View Post
    I have the same issue, but ignore it because all my user (or group) add / change is done by the LDAP tools.
    That's what I do as well, but I believe it should be possible to tell the Administration Console to look somewhere else. When starting the administration console I noticed this messages :

    Code:
    17 nov. 2009 08:49:33 org.hibernate.cfg.Configuration addResource
    INFO: Reading mappings from resource : PentahoUser.hbm.xml
    17 nov. 2009 08:49:33 org.hibernate.cfg.Configuration addResource
    INFO: Reading mappings from resource : PentahoRole.hbm.xml
    17 nov. 2009 08:49:33 org.hibernate.cfg.Configuration doConfigure
    INFO: Configured SessionFactory: null
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.runtime.RuntimeElement -> RTELEMENT
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapSS -> SSPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.typesMap -> PARAMTYPESMAP
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapLS -> LSPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapDT -> DTPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapBD -> BDPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapLong -> LNGPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.runtime.RuntimeElement.paramMapCPLX -> CPLXPARAMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.content.ContentLocation -> CONTENTLOCATION
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.content.ContentItem -> CONTENTITEM
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.content.ContentItemFile -> CONTITEMFILE
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.content.BackgroundExecutedContentId -> BGCONTENTID
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.subscription.Schedule -> PRO_SCHEDULE
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.subscription.Subscription -> PRO_SUBSCRIBE
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.subscription.Subscription.schedules -> PRO_SUBS_SCHEDLIST
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.subscription.Subscription.parameters -> PRO_SUBSCRPARMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.subscription.SubscribeContent -> PRO_SUBCONTENT
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.subscription.SubscribeContent.schedules -> PRO_SUBCONT_SCHEDLIST
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.subscription.SubscribeContent.parameters -> PRO_SUBCONTPARMS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.solution.dbbased.RepositoryFile -> PRO_FILES
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.repository.solution.dbbased.RepositoryFile.accessControls -> PRO_ACLS_LIST
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.datasource.Datasource -> DATASOURCE
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.repository.usersettings.pojo.UserSetting -> USER_SETTINGS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.engine.security.userroledao.PentahoUser -> USERS
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.engine.security.userroledao.PentahoUser.roles -> GRANTED_AUTHORITIES
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindRootPersistentClassCommonValues
    INFO: Mapping class: org.pentaho.platform.engine.security.userroledao.PentahoRole -> AUTHORITIES
    17 nov. 2009 08:49:33 org.hibernate.cfg.HbmBinder bindCollection
    INFO: Mapping collection: org.pentaho.platform.engine.security.userroledao.PentahoRole.users -> GRANTED_AUTHORITIES
    Adrien

  4. #4

    Default

    You aren't supposed to see the users in the admin console, if you offload the security to ldap administration is performed within your ldap server. You still get a list of users and groups when setting permissions within the user console
    This is a signature.... everyone gets it.

    Join the Unofficial Pentaho IRC channel on freenode.
    Server: chat.freenode.net Channel: ##pentaho

    Please try and make an effort and search the wiki and forums before posting!
    Checkout the Saiku, the future of Open Source Interactive OLAP(http://analytical-labs.com)


  5. #5

    Default

    Quote Originally Posted by bugg_tb View Post
    You aren't supposed to see the users in the admin console, if you offload the security to ldap administration is performed within your ldap server. You still get a list of users and groups when setting permissions within the user console
    Hi bugg_tb, thanks for your help !

    OK, if I understand you correctly, the Pentaho Administration Console is not able to display user/role if the aren't stored in Hibernate/USERS table. I though that when using LDAP, I could'nt add/remove/update user/role in the Administration Console. Didn't understood that I could'nt even see them. I find it strange to be able to list them in Pentaho User Console (when changing access rights for example) and not beeing able to do the same in the Admin Console.

    Right now, the Administration Console still fetches user/role in USERS hibernate Table. How do I disable this ? I have tried removing the USERS table, but it came back after restarting (Pentaho BI server or Pentaho Administration I am not sure).

    Thanks in advance.

    Adrien

  6. #6

    Default

    Quote Originally Posted by afutschik View Post
    I find it strange to be able to list them in Pentaho User Console (when changing access rights for example) and not beeing able to do the same in the Admin Console.
    Why, what purpose would it serve?

    Right now, the Administration Console still fetches user/role in USERS hibernate Table. How do I disable this ? I have tried removing the USERS table, but it came back after restarting (Pentaho BI server or Pentaho Administration I am not sure).
    No idea, I just leave it populated with the defaults
    This is a signature.... everyone gets it.

    Join the Unofficial Pentaho IRC channel on freenode.
    Server: chat.freenode.net Channel: ##pentaho

    Please try and make an effort and search the wiki and forums before posting!
    Checkout the Saiku, the future of Open Source Interactive OLAP(http://analytical-labs.com)


  7. #7

    Default

    Quote Originally Posted by bugg_tb View Post
    Why, what purpose would it serve?
    It would make sence to have a single "place" to centralized admin tasks, would'nt it ? I mean, why does the Administration Console provide a "Users & Roles" tab if this one can not be used ?

    Never mind, I just wanted confirmation that I didn't forget/miss something from the Administration Console configuration part. But, it looks like this is supposed to work like this.

    Thanks again for your quick answers bugg_tb.

    Adrien

  8. #8
    Join Date
    Mar 2003
    Posts
    7,997

    Default

    LDAP sadly is not necessarily a thing that is safe to write to. Every vendor and organization has a slightly different way to setup users and roles, and some, like Microsoft's Active Directory, even outright deny that their implementation is LDAP.

    Usually, within your organization, you already have a good set of tools and processes to define users and roles. Although we can provide our vision of how users and roles should be defined, it would add little to no additional value and the resources for that project can be better spend on something more productive.

    I guess the users and roles tab should not be shown if you use external security providers like LDAP in the BI-Server. Why not file a bug to make this tab go away for these cases?
    Get the latest news and tips and tricks for Pentaho Reporting at the Pentaho Reporting Blog.

  9. #9

    Default

    Quote Originally Posted by Taqua View Post
    I guess the users and roles tab should not be shown if you use external security providers like LDAP in the BI-Server. Why not file a bug to make this tab go away for these cases?
    Thanks Taqua.

    That's exactly what I though as well. I will file a JIRA case.

    Adrien

  10. #10

    Default

    Sounds like you guys were ahead of me.
    I switched the bi-server-ce to use LDAP, but the PAC kept trying to login using anonymousUser.

    Even when I modify the console.xml by specifying <platform-username> to one that existed ini LDAP.

    What gives?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •