Hitachi Vantara Pentaho Community Forums

Thread: LDAP Auth not working

  1. #1
    Join Date
    May 2008
    Posts
    14

    LDAP Auth not working

    Hello Everybody,

    I'm new to Pentaho; our company wants to use it to generate reports for our business processes, which run under jBPM.
    I have installed a version of Pentaho for testing and I now know how to generate reports, but as I don't need memory authentication, I want to bind Pentaho to our LDAP directory. I made some changes, but when I try to log in it says: "Bad Credentials" or something like that. Below are the changes I made. Are those changes enough? What did I miss?

    WEB.XML file

    I just changed this:
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext-acegi-security.xml /WEB-INF/applicationContext-common-authorization.xml /WEB-INF/applicationContext-acegi-security-memory.xml /WEB-INF/applicationContext-pentaho-security-memory.xml</param-value>
    </context-param>


    from memory to ldap, just two words:
    <param-value>/WEB-INF/applicationContext-acegi-security.xml /WEB-INF/applicationContext-common-authorization.xml /WEB-INF/applicationContext-acegi-security-ldap.xml /WEB-INF/applicationContext-pentaho-security-ldap.xml</param-value>
    </context-param>

    FILE: ./tomcat/webapps/pentaho/WEB-INF/applicationContext-pentaho-security-ldap.xml

    I changed the body of <bean id="allUsernamesSearch"> to point to my LDAP users base DN:

    <bean class="com.pentaho.security.ldap.search.LdapSearchParamsFactoryImpl">
    <constructor-arg index="0"
    value="ou=People, o=usuarios,o=mycompany.gov.co" />
    <constructor-arg index="1" value="objectClass=Person" />
    </bean>

    In that leaf of the LDAP tree we have our users, so I guessed that is the entry I had to put there (index 0). I find them there as uid=, the login I want them to use to log into Pentaho.

    FILE: ./tomcat/webapps/pentaho/WEB-INF/applicationContext-acegi-security-ldap.xml

    <bean id="initialDirContextFactory"
    class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg index="0"
    value="ldap://ldap.mycompany.gov.co:389/" />
    <property name="managerDn" value="uid=admin,ou=system" />
    <property name="managerPassword" value="secret" />
    </bean>


    There I just changed the index 0 value to my LDAP server URL and port: ldap://ldap.mycompany.gov.co:389/

    Are any other changes mandatory? What did I miss? What did I do wrong?

    Thanks in advance,

  2. #2


    You may need to change the roles that have access to the different objects in Pentaho to match what is returned from your LDAP service.

    What does your server log say?

    I would look at the file:
    applicationContext-acegi-security.xml

    The section of xml you may need to modify is:

    <property name="objectDefinitionSource">
    <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/login.*\Z=Anonymous,Authenticated
    \A/j_acegi_security_check.*\Z=Anonymous,Authenticated
    \A/getmondrianmodel.*\Z=Anonymous,Authenticated
    \A/getimage.*\Z=Anonymous,Authenticated
    \A/getresource.*\Z=Anonymous,Authenticated
    \A/admin.*\Z=Admin
    \A/auditreport.*\Z=Admin
    \A/auditreportlist.*\Z=Admin
    \A/versioncontrol.*\Z=Admin
    \A/propertieseditor.*\Z=Admin
    \A/propertiespanel.*\Z=Admin
    \A/subscriptionadmin.*\Z=Admin
    \A/resetrepository.*\Z=Admin
    \A/viewaction.*solution.admin.*\Z=Admin
    \A/scheduleradmin.*\Z=Admin
    \A/publish.*\Z=Admin
    \A/logout.*\Z=Anonymous
    \A/.*\Z=Authenticated
    ]]>
    </value>
    </property>
    BizCubed Pty Ltd
    Australian Pentaho Partner

  3. #3
    Join Date
    Oct 2006
    Posts
    817


    If the error is "Bad credentials," then the authentication is failing and no authorization checks have occurred yet. While zach is correct that the roles granted to the users in your LDAP server will need to agree with roles used in authorization rules within Pentaho, I don't believe you're even getting to the authorization rules yet.

    I would focus on getting the userSearch bean in applicationContext-acegi-security-ldap.xml correct. Do this by executing your queries in a tool such as Apache Directory Studio first. Once you're satisfied, copy them over and run Pentaho. Turn on security logging too.
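
Added example, not part of the original thread or of Pentaho's code: a Python check for the role-agreement point raised in posts #2 and #3. It parses a subset of the rule block quoted in post #2, resolves a URL to the roles its rule accepts, and lists the patterns that no granted role can satisfy. Assumptions: the first matching pattern decides, and the `GRANTED` set (including the group name `Administrators`) is constructed sample data.

```python
import re

# Subset of the rule block quoted in post #2 (same order, same syntax).
RULES_TEXT = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/login.*\Z=Anonymous,Authenticated
\A/j_acegi_security_check.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
\A/viewaction.*solution.admin.*\Z=Admin
\A/publish.*\Z=Admin
\A/logout.*\Z=Anonymous
\A/.*\Z=Authenticated
"""

LOWERCASE = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON"


def parse_rules(text):
    """Return (lowercase_flag, [(compiled_pattern, role_set), ...]) in file order."""
    lowercase, rules = False, []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line == LOWERCASE:
            lowercase = True
            continue
        pattern, _, roles = line.rpartition("=")
        rules.append((re.compile(pattern), {r.strip() for r in roles.split(",")}))
    return lowercase, rules


def required_roles(url, parsed):
    """Roles accepted for url; the first matching pattern decides (assumed order)."""
    lowercase, rules = parsed
    if lowercase:
        url = url.lower()
    for pattern, roles in rules:
        if pattern.match(url):
            return roles
    return None  # no pattern matched this URL


def unsatisfiable(parsed, granted):
    """Patterns whose role list shares no name with the roles granted to users."""
    return [p.pattern for p, roles in parsed[1] if not roles & set(granted)]


PARSED = parse_rules(RULES_TEXT)
# Constructed sample: role names assumed to be available after the LDAP switch.
# "Administrators" is a hypothetical group name, not taken from the thread.
GRANTED = {"Anonymous", "Authenticated", "Administrators"}
```

With the sample `GRANTED` set, every `Admin` rule is reported, because the directory hands back `Administrators` while the rules ask for `Admin`.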
