Skip to main content
Version Pentaho
Hitachi Vantara Lumada and Pentaho Documentation

Switch to MS Active Directory

  1. Last updated
  2. Save as PDF
  1. From User Console Home menu, click Administration, then select Authentication from the left. The Authentication interface appears. Local - Use basic Pentaho Authentication is selected by default.
  2. Choose the External - Use LDAP / Active Directory server radio button. The LDAP Server Connection fields populate with a default URL, user name, and password.
  3. Change the Server URL, User Name, and Password as needed.
  4. Click Test Server Connection to verify the connection to your server and to complete the set up.
  5. Click the Browse buttons to select the Pentaho System Administrator user and role to match your configuration. Click OK. The text box auto-populates with the selected values.
  6. For MSAD, choose Custom Configuration.
  7. For Users:
    1. Search Base by entering the path where your users are located. Example: 
      CN=Users,DC=MyDomain,DC=com
    2. Search Filter by entering in the attribute that users will login with. Example: 
      (sAMAccountName={0})
  8. For Roles:
    1. For Role Attributes, enter in the Attribute that is used for roles/groups. Example: 
      CN
    2. For a Role Search Filter, enter in the ObjectClass that defines that these are roles or groups. Example: 
        (&(objectClass=group)(CN=Pentaho*))
    3. For Role Search Base, enter in the path where your roles or groups are located. Example: 
        OU=groups,DC=MyDOmain,DC=com
    4. Click Test.
  9. For Populator:
    1. For Group Role Attribute, enter in the Attribute that is used for groups. Example: 
      CN
    2. For Group Search Base, enter in the path to where your groups are located. Example: 
        OU=groups,DC=MyDOmain,DC=com
    3. Set the Group Search Filter to 
      (member:1.2.840.113556.1.4.1941:={0})
      You can set a Role Prefix if you need one to filter by.
  10. Click Test, then click Save.
  11. Shut down the Pentaho Server.
  12. Locate these three files and modify the settings as noted.
    1. Navigate to the server/pentaho-server/pentaho-solutions/system directory, and open the repository.spring.properties file with a text editor. Find these two sections and edit them to match your Active Directory settings, then save and close the file. 
      singleTenantAdminUserName=admin

      singleTenantAdminAuthorityName=Administrator
    2. In the server/pentaho-server/pentaho-solutions/system directory, open the pentaho.xml file with a text editor. Find this section and edit it to match your Active Directory settings, then save and close the file. 
      <acl-voter> <admin-role>Administrator</admin-role> </acl-voter>
    3. Navigate to the server/pentaho-server/pentaho-solutions/system/data-access directory, and open the settings.xml file with a text editor. Find these two sections and edit them to match your Active Directory settings, then save and close the file. 
      <data-access-roles>Administrator</data-access-roles>

      <data-access-view-roles>Authenticated,Administrator</data-access-view-roles>
    4. Navigate to the  server/pentaho-server/pentaho-solutions/system/karaf/etc/ directory and open the pentaho.jms.cfg file with a text editor. Within this file, change the userName and password variables to match the values of the LDAP admin user.

       

  13. Restart the Pentaho Server.

The Pentaho Server is now configured to authenticate users against your MSAD server.