Hitachi Vantara Pentaho Community Forums

Thread: 3.5 CE Configuration for Active Directory

  1. #1
    Join Date
    Apr 2008
    Posts
    4,683

    Default 3.5 CE Configuration for Active Directory

    Hi All!

    I'm trying to configure 3.5CE-RC2 to authenticate with MS AD.

    I'm using
    http://wiki.pentaho.com/display/Serv...RC1)+2.x-3.0.x
    and
    http://wiki.pentaho.com/display/Serv...Security+3.5.x

    I found /biserver-ce/pentaho-solutions/system/applicationContext-security-ldap.properties which has most of the setup, but I can't make heads or tails of how to configure it to talk to my AD.

    Has anyone out there done this successfully?
    If so, what tips can you offer?

  2. #2
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    http://wiki.pentaho.com/display/Serv...tive+Directory is closer to what I was hoping to find, but am still not quite there...

    How do I configure authentication?
    How do I set up the ACLs?

    I don't mind writing up what needs to be done to get this working... Once I get it working...

  3. #3

    Default

    Hello!

    What do you miss from http://wiki.pentaho.com/display/Serv...RC1)+2.x-3.0.x (the configuration example)? Are there a lot of changes in the LDAP config? I don't have a 3.5RC installation yet.

    Does it work "a bit" or not at all? Can you look at the network traffic between your BI server and the AD server using Wireshark or another TCP dump tool?

    The AD configuration, when ready, becomes the normal source of authentication data in the BI server. For example, the AD user name is the Pentaho user name, and in the ACL dialogs you get a list of users from the directory. At least that's how it works in 3.0.

    Regards

  4. #4
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    At this point, it's not working at all.

    I can't figure out how to configure the .properties file correctly to be able to pull in the groups / usernames, and to configure who gets access to what.

    I can't make heads or tails of the Enable Logging page either.

  5. #5
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    Ok, so after a bunch of reading, I am able to get authenticated, and I believe that I have my permissions set (relatively wide for now).

    But after logging in and getting passed to Home (Mantle), I get the following error. Pointers on where to go next?

    Code:
    17:18:41,670 WARN  [LoggerListener] Authentication event AuthenticationSuccessEvent: gutlez; details: org.springframework.security.ui.WebAuthenticationDetails@ef30: RemoteIpAddress: 192.168.0.4; SessionId: 18B31DC19F4F809EC2CCDA7ABDF83E19
    17:18:41,670 WARN  [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: gutlez; details: org.springframework.security.ui.WebAuthenticationDetails@ef30: RemoteIpAddress: 192.168.0.4; SessionId: 18B31DC19F4F809EC2CCDA7ABDF83E19
    17:18:41,717 ERROR [SolutionEngine] 22278cab-b3a0-11de-8595-cfbf3265aa64:SOLUTION-ENGINE:session-region-list.xaction: SolutionEngine.ERROR_0007 - Action sequence execution failed
    17:18:42,388 ERROR [[SolutionRepositoryService]] Servlet.service() for servlet SolutionRepositoryService threw exception
    java.lang.NullPointerException
            at org.pentaho.platform.repository.solution.SolutionRepositoryServiceImpl.getSolutionRepositoryDoc(SolutionRepositoryServiceImpl.java:393)
            at org.pentaho.platform.web.servlet.SolutionRepositoryService.dispatch(SolutionRepositoryService.java:152)
            at org.pentaho.platform.web.servlet.SolutionRepositoryService.doGet(SolutionRepositoryService.java:78)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
            at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
            at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.pentaho.platform.web.http.security.SecurityStartupFilter.doFilter(SecurityStartupFilter.java:85)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:169)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter.doFilter(HttpSessionReuseDetectionFilter.java:134)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
            at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
            at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
            at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
            at org.springframework.security.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:99)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
            at org.pentaho.platform.web.http.filters.ProxyTrustingFilter.doFilter(ProxyTrustingFilter.java:212)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
            at org.pentaho.platform.web.http.filters.SystemStatusFilter.doFilter(SystemStatusFilter.java:60)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
            at org.pentaho.platform.web.http.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:113)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
            at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
            at java.lang.Thread.run(Unknown Source)

  6. #6

    Default

    I have no idea what the reason for the error you are seeing is.

    There are two kinds of accesses to the Active Directory if you did everything correctly:

    1. Authentication: this is where your login data are verified and the groups you belong to are fetched.
    2. Pentaho fetching the list of users and groups from the directory in order to be able to get and set ACLs.


    It is very well possible to screw up one of them but get the other one right.

    Did you look at dumps of the network traffic? They are very helpful.

    If your login succeeds but you just don't have the right to do anything, double-check if you are in an Active Directory group that was specified as an Admin group in the Spring Security/Acegi configuration.
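
The two access paths described in the post above can be checked separately in the LDAP properties file. The following is an added example, not part of the original thread and not Pentaho code: it assumes the key prefixes `userSearch.` / `populator.` (authentication and group fetch) and `allUsernamesSearch.` / `allAuthoritiesSearch.` (user and group listing for ACLs) plus `contextSource.providerUrl`, as found in a stock `applicationContext-security-ldap.properties`; the sample values are constructed.

```python
# Added example: key prefixes are assumed from a stock Pentaho
# applicationContext-security-ldap.properties; adjust them to your file.
AUTH_PREFIXES = ("userSearch.", "populator.")  # access 1: login + group fetch
LISTING_PREFIXES = ("allUsernamesSearch.", "allAuthoritiesSearch.")  # access 2: lists for ACLs

# Constructed sample: authentication is filled in, the user listing is not.
SAMPLE = """\
contextSource.providerUrl=ldap://dc01.example.test:389
contextSource.userDn=CN=svc-pentaho,OU=Service,DC=example,DC=test
contextSource.password=REDACTED
userSearch.searchBase=OU=Staff,DC=example,DC=test
userSearch.searchFilter=(sAMAccountName={0})
populator.groupSearchBase=OU=Groups,DC=example,DC=test
populator.groupSearchFilter=(member={0})
allUsernamesSearch.searchBase=
allUsernamesSearch.searchFilter=
allAuthoritiesSearch.searchBase=OU=Groups,DC=example,DC=test
allAuthoritiesSearch.searchFilter=(objectClass=group)
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return one finding per problem, grouped by access path."""
    findings = []
    for label, prefixes in (("authentication", AUTH_PREFIXES),
                            ("user/group listing", LISTING_PREFIXES)):
        keys = [k for k in props if k.startswith(prefixes)]
        if not keys:
            findings.append(f"{label}: no keys present")
        findings += [f"{label}: {k} is empty" for k in sorted(keys) if not props[k]]
    # Without TLS, a simple bind sends the password in clear text.
    if props.get("contextSource.providerUrl", "").lower().startswith("ldap://"):
        findings.append("transport: providerUrl is ldap:// (no TLS)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(finding)
```

On the constructed sample this reports the two empty `allUsernamesSearch` keys and the unencrypted transport, which matches the case where login works but the user list for ACLs does not.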

  7. #7
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    It's clearly a permissions issue...


    I followed the instructions on http://wiki.pentaho.com/display/Serv...ng+Default+ACL
    Now I can see the solutions in PUC, but not in the share context (which my user should be able to), and the http://localhost:8080/pentaho/PropertiesEditor still shows null for solutions.
    Last edited by gutlez; 10-08-2009 at 03:58 PM.

  8. #8
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    Can anyone tell me what "allUsernamesSearch" in applicationContext-pentaho-security-ldap.xml does?

  9. #9

    Default

    Every morning recently I've woken up, checked the missed threads and seen this one: I will post my config at some point... honest

  10. #10
    Join Date
    Apr 2008
    Posts
    4,683

    Default

    Well, I'll keep posting here (mostly to myself) and maybe that will remind you :P

    I'm going to have to do this about 3 times (3 domains -> 3 Pentaho servers), as well as possibly having an RDBMS authentication system (though OpenLDAP would be nice -- to have a front end to allow my service desk to reset passwords)...
