Manual LDAP Configuration
You must have a working directory server with an established configuration before continuing.
Follow the instructions below to manually switch from Pentaho default security to LDAP security.
- Stop the BA Server and User Console.
- Change the
securities.properties
file located at /pentaho-solutions/system folder fromprovider=jackrabbit
toprovider=ldap
. - Save and close the file, then edit the /pentaho-solutions/system/applicationContext-security-ldap.properties file and modify the localhost and password to match your configuration.
contextSource.providerUrl=ldap\://localhost\:10389/ou\=system
contextSource.password=secret
- Save and close the file, then edit the /pentaho-solutions/system/data-access/settings.xml file and modify the settings to match your LDAP configuration. Find and replace the entries for Administrator in the examples below with the correct administrator name for your LDAP configuration.
<!– roles with data access permissions –> <data-access-roles>Administrator</data-access-roles> <!– users with data access permissions –> <!– <data-access-users></data-access-users> –> <!– roles with datasource view permissions –> <data-access-view-roles>Authenticated,Administrator</data-access-view-roles> <!– users with datasource view permissions –> <!– <data-access-view-users>suzy</data-access-view-users> –> <!– default view acls for user or role –> <data-access-default-view-acls>31</data-access-default-view-acls>
- Save and close the file, then edit the following files in the /pentaho/server/biserver-ee/pentaho-solutions/system/ directory and change all instances of the Administrator and Authenticated role values to match the appropriate roles in your LDAP configuration:
- pentaho.xml
- repository.spring.properties
- applicationContext-spring-security.xml
- Delete these two folders from the
/pentaho/server/biserver-ee/pentaho-solutions/system/jackrabbit/repository
directory:- repository
- workspaces
- Restart the BA Server and test the LDAP functionality.
The BA Server is now configured to authenticate users against your directory server. The LDAP Properties reference article contains supplemental information for LDAP values.