Hitachi Vantara Pentaho Community Forums

Thread: Getting username and password dynamically for pentaho Ldap

  1. #1


    Hi,

    During my Pentaho 3.5/LDAP integration, I came to notice the uid and password being hardcoded in applicationContext-security-ldap.properties like this:

    "contextSource.userDn=uid=admin,ou=system
    contextSource.password=secret"

    and referred to in applicationContext-spring-security-ldap.xml.
    Is it possible to send the login username and password to the above XML file dynamically, rather than hardcoding them in the property file?

    Or is there any other way to not put any hardcoded user ID/password in any property file and do the authentication/authorization using LDAP?

    Thanks in advance.

    Regards,
    Karthik

  2. #2


    Well, you need an admin account so LDAP will know to trust you; it would be pretty insecure if it just handed out authentication certificates to servers without knowing who's at the other end.
    This is a signature.... everyone gets it.

    Join the Unofficial Pentaho IRC channel on freenode.
    Server: chat.freenode.net Channel: ##pentaho

    Please try and make an effort and search the wiki and forums before posting!
    Checkout the Saiku, the future of Open Source Interactive OLAP(http://analytical-labs.com)

    http://mattlittle.files.wordpress.co...-bananaman.jpg

  3. #3


    Quote, originally posted by bugg_tb:
    Well, you need an admin account so LDAP will know to trust you; it would be pretty insecure if it just handed out authentication certificates to servers without knowing who's at the other end.
    Hi Bugg_db,

    Thanks for your reply.

    Our application is an intranet-based application, and our major concern is that we don't want to hardcode any user ID/password in the applicationContext-security-ldap.properties file.
    Additionally, if we hardcode a user ID and password, what happens to the user credentials supplied from the login page?

    Regards,
    Karthik

  4. #4


    Well, it's not the login page credentials you supply, it's the credentials that allow Spring Security to search AD. You don't just want a random user tapping into your Active Directory server, do you?

  5. #5


    Quote, originally posted by bugg_tb:
    Well, it's not the login page credentials you supply, it's the credentials that allow Spring Security to search AD. You don't just want a random user tapping into your Active Directory server, do you?
    Thanks for the reply,

    Well... we don't really mind who is trying to connect to the AD as soon as the credentials are correct (our user base is very limited and is intranet based). Instead of connecting to AD with a predefined user in applicationContext-security-ldap.properties, can we use the login credentials to bind to AD and perform further authentication and authorization? If it is possible, what are the steps involved in doing so?

  6. #6


    Let me try and explain this one so simply my cat could understand......

    To search, connect to or do anything that remotely uses Active Directory... you HAVE to pass some credentials that have permissions to search/scan Active Directory for the valid users and check his credentials.

    You can't just pass the login credentials to Active Directory. That's just silly; you HAVE to pass a valid user in the LDAP setup to allow Spring to search the directory in the first place.

  7. #7
    Join Date
    Apr 2011
    Posts
    8


    Hello bugg_tb, I have just seen this topic.
    I would really thank you if you can help me configure the applicationContext-security-ldap.properties.
    I have understood perfectly the meaning of the first 3 rows, which tell the LDAP server that I've got an administrative user.
    But it all still doesn't work.
    Why does the first row, contextSource.providerUrl=ldap\://localhost\:10389/ou\=system, end with ou\=system?
    Is that due to the folder in which the administrative user indicated in the second row is located?
    For example, if my user is CN=ABC,CN=Users, do I need to replace ou\=system with CN=Users?

    How can I configure the other rows to search all the users in a particular folder, for example one named PIPPO?
    Once configured in the right way, will the LDAP users be visible in the user console, or do I need to insert the username and password manually?

    I hope you will understand my bad explanation, and I really, really thank you in advance.

    peky
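
Added example (not part of the thread, and not Pentaho's own code): a small audit of the properties file discussed in posts #1 and #7. It flags the stored bind credential and shows how the DN suffix in contextSource.providerUrl combines with userSearch.searchBase, which Spring's LDAP context source treats as relative to that suffix. The sample values and the finding names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample in the format quoted in the thread (not a real deployment).
SAMPLE = r"""
contextSource.providerUrl=ldap\://localhost\:10389/ou\=system
contextSource.userDn=uid=admin,ou=system
contextSource.password=secret
userSearch.searchBase=ou\=users
userSearch.searchFilter=(cn\={0})
"""

def _unescape(s):
    # Java .properties escapes such as "\:" and "\=" become the bare character
    return re.sub(r"\\(.)", r"\1", s.strip())

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#'/'!' comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # key ends at the first '=' or ':' that is not backslash-escaped
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if m:
            props[_unescape(m.group(1))] = _unescape(m.group(2))
    return props

def audit(props):
    """Return (findings, effective user search base DN)."""
    findings = []
    url = urlsplit(props.get("contextSource.providerUrl", ""))
    base_dn = unquote(url.path.lstrip("/"))   # DN suffix after host:port
    if url.scheme != "ldaps":
        findings.append("cleartext-ldap")     # bind password is sent unencrypted
    bind_dn = props.get("contextSource.userDn", "")
    if re.match(r"(uid|cn)=(admin|administrator|manager)\b", bind_dn, re.I):
        findings.append("admin-bind-account") # searching needs only read access
    if props.get("contextSource.password"):
        findings.append("plaintext-password") # restrict file permissions, rotate
    search_base = props.get("userSearch.searchBase", "")
    # the search base is relative to the suffix taken from providerUrl
    effective = ",".join(p for p in (search_base, base_dn) if p)
    return findings, effective

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```
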
