Manual LDAP Configuration
You must have a working LDAP server with an established configuration before continuing. Follow the instructions below to manually switch from Pentaho default security to LDAP security.
- Stop the Pentaho Server.
- Edit the securities.properties file located in the /pentaho-solutions/system folder and change provider=jackrabbit to provider=ldap. Save and close the file.
- Edit the /pentaho-solutions/system/applicationContext-security-ldap.properties file and modify the settings to match your LDAP configuration:
userSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
allAuthoritiesSearch.roleAttribute=cn
allAuthoritiesSearch.searchBase=OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
userSearch.searchFilter=(sAMAccountName\={0})
allUsernamesSearch.searchFilter=objectClass\=Person
allAuthoritiesSearch.searchFilter=(objectClass\=group)
providerType=ldapCustomConfiguration
contextSource.userDn=youradminUser@YourDomaincustomercare.com
populator.rolePrefix=
allUsernamesSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
adminUser=CN\=YourAdminUserDN,OU\=OrlandoFL,OU\=NAMER,OU\=Support,OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
adminRole=CN\=YourAdminRole,OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
populator.groupSearchBase=OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
populator.convertToUpperCase=false
populator.searchSubtree=false
allUsernamesSearch.usernameAttribute=sAMAccountName
populator.groupRoleAttribute=cn
contextSource.providerUrl=ldap\://10.100.7.17\:389
contextSource.password=********
populator.groupSearchFilter=(member\={0})
- Save and close the file.
- Edit the /pentaho/server/pentaho-server/pentaho-solutions/system/repository.spring.properties file and replace “admin” in the following line, singleTenantAdminUserName=admin, with the value of the adminUser’s sAMAccountName as defined in the applicationContext-security-ldap.properties file. When complete, save and close the file.
- Delete the following directory:
/pentaho/server/pentaho-server/pentaho-solutions/system/jackrabbit/repository
Do not delete the repository.xml file, which is also located in the following directory: /pentaho-server/pentaho-solutions/system/jackrabbit
- You may be using monitoring functions on your Pentaho Server, such as SNMP. Whether you are using monitoring or not, you will need to perform the following configuration file changes:
If you are using monitoring, do the following:
- Open the /pentaho-server/pentaho-solutions/system/karaf/etc/pentaho.jms.cfg file and change the userName and password to match the values defined in Step 5.
If you are not using monitoring, do the following:
- Open the pentaho-solutions/system/karaf/etc/org.apache.karaf.features.cfg file, and find and remove the following line:
pentaho-monitoring-to-snmp,pentaho-monitoring-jms-broker,
- Save and close the pentaho-solutions/system/karaf/etc/org.apache.karaf.features.cfg file.
- Delete the contents of the pentaho-solutions/system/karaf/caches/default/* folder/folders.
- Restart the Pentaho Server and test the LDAP functionality.
The Pentaho Server is now configured to authenticate users against your directory server. The LDAP Properties reference article contains supplemental information for LDAP values.
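Before the restart step, the edited applicationContext-security-ldap.properties file can be sanity-checked. The following is an added example, not Pentaho code: the function names are hypothetical, the ldaps:// check is an added hardening check, and the scope check assumes populator.searchSubtree=false means a one-level search under populator.groupSearchBase.

```python
import re

# Constructed sample modelled on the placeholder listing above (not a real directory).
SAMPLE = r"""
contextSource.providerUrl=ldap\://10.100.7.17\:389
userSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
userSearch.searchFilter=(sAMAccountName\={0})
populator.groupSearchBase=OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
populator.groupSearchFilter=(member\={0})
populator.searchSubtree=false
adminUser=CN\=YourAdminUserDN,OU\=Support,OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
adminRole=CN\=YourAdminRole,OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
"""

def parse_properties(text):
    """Parse key=value lines and undo simple .properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def parent_dn(dn):
    """Drop the first RDN; splits only on commas not preceded by a backslash."""
    return re.split(r"(?<!\\),", dn, maxsplit=1)[-1]

def check_ldap_config(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not props.get("contextSource.providerUrl", "").lower().startswith("ldaps://"):
        findings.append("providerUrl: not ldaps://, bind credentials travel without TLS")
    for key in ("userSearch.searchFilter", "populator.groupSearchFilter"):
        if "{0}" not in props.get(key, ""):
            findings.append(f"{key}: missing the {{0}} placeholder")
    user_base = props.get("userSearch.searchBase", "").lower()
    if not props.get("adminUser", "").lower().endswith("," + user_base):
        findings.append("adminUser: DN is outside userSearch.searchBase")
    group_base = props.get("populator.groupSearchBase", "").lower()
    role = props.get("adminRole", "").lower()
    one_level = props.get("populator.searchSubtree", "false").lower() != "true"  # assumed semantics
    in_scope = parent_dn(role) == group_base if one_level else role.endswith("," + group_base)
    if not in_scope:
        findings.append("adminRole: DN is outside the group search scope")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ldap_config(parse_properties(SAMPLE))) or "no findings")
```

Run against the constructed sample, the only finding is the cleartext ldap:// provider URL.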