Pentaho Documentation

LDAP Properties

You can manually configure LDAP values by editing the /pentaho-solutions/system/applicationContext-security-ldap.properties file in the DI Server directory.

Connection Information (Context)

These entries define the connection to the LDAP server and the user/password used to perform directory searches against it.

| LDAP Property | Purpose | Example |
| --- | --- | --- |
| contextSource.providerUrl | LDAP connection URL | contextSource.providerUrl=ldap://holly:389/DC=Valyant,DC=local |
| contextSource.userDn | Distinguished name of a user with read access to directory | contextSource.userDn=CN=Administrator,CN=Users,DC=Valyant,DC=local |
| contextSource.password | Password for the specified user | contextSource.password=secret |

Users

These options control how the LDAP server is searched for usernames that are entered in the Pentaho login dialog box.

The {0} token is replaced by the username from the login dialog.

The example above defines DC=Valyant,DC=local in contextSource.providerUrl. Given that definition, you do not need to repeat it in userSearch.searchBase below, because it is appended automatically to the value you define for userSearch.searchBase.

| LDAP Property | Purpose | Example |
| --- | --- | --- |
| userSearch.searchBase | Base (by username) for user searches | userSearch.searchBase=CN=Users |
| userSearch.searchFilter | Filter (by username) for user searches. The attribute you specify here must contain the value that you want your users to log into Pentaho with. Active Directory usernames are represented by sAMAccountName; full names are represented by displayName. | userSearch.searchFilter=(sAMAccountName={0}) |

Populator

The populator matches fully distinguished user names from userSearch to distinguished role names for roles those users belong to.

The {0} token will be replaced with the user DN found during a user search; the {1} token is replaced with the username entered in the login screen.

| LDAP Property | Purpose | Example |
| --- | --- | --- |
| populator.convertToUpperCase | Indicates whether or not retrieved role names are converted to uppercase | populator.convertToUpperCase=false |
| populator.groupRoleAttribute | The attribute to get role names from | populator.groupRoleAttribute=cn |
| populator.groupSearchBase | Base (by user DN or username) for role searches. | populator.groupSearchBase=ou=Pentaho |
| populator.groupSearchFilter | The special nested group filter for Active Directory is shown in the example; this will not work with non-MSAD directory servers. | populator.groupSearchFilter=(memberof:1.2.840.113556.1.4.1941:=({0})) |
| populator.rolePrefix | A prefix to add to the beginning of the role name found in the group role attribute; the value can be an empty string. | populator.rolePrefix= |
| populator.searchSubtree | Indicates whether or not the search must include the current object and all children. If set to false, the search must include the current object only. | populator.searchSubtree=true |
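
The base-DN and token rules from the Users and Populator sections, worked through as an added example (not Pentaho's code): it joins each search base to the base DN in contextSource.providerUrl and fills the {0} and {1} tokens. The function names are hypothetical, the sample values are constructed from this page's examples, and escaping substituted values per RFC 4515 is this sketch's own assumption about a safe substitution, not a statement about Pentaho's internals.

```python
import re
from urllib.parse import unquote, urlparse

# Constructed sample that mirrors the example values on this page.
SAMPLE = """\
contextSource.providerUrl=ldap://holly:389/DC=Valyant,DC=local
userSearch.searchBase=CN=Users
userSearch.searchFilter=(sAMAccountName={0})
populator.groupSearchBase=ou=Pentaho
populator.groupSearchFilter=(memberof:1.2.840.113556.1.4.1941:=({0}))
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (values contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """Escape filter metacharacters as backslash + two hex digits (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def fill(template, *args):
    """Replace {0}, {1}, ... in a single pass with escaped arguments."""
    return re.sub(r"\{(\d)\}", lambda m: escape_filter_value(args[int(m.group(1))]), template)

def effective_base(props, key):
    """Relative search base from `key` followed by the base DN from providerUrl."""
    root = unquote(urlparse(props["contextSource.providerUrl"]).path.lstrip("/"))
    return ",".join(part for part in (props.get(key, ""), root) if part)

def user_search(props, username):
    """(base DN, filter) used to look up the name typed at login."""
    return (effective_base(props, "userSearch.searchBase"),
            fill(props["userSearch.searchFilter"], username))

def group_search(props, user_dn, username):
    """(base DN, filter) for the role lookup: {0} is the user DN, {1} the login name."""
    return (effective_base(props, "populator.groupSearchBase"),
            fill(props["populator.groupSearchFilter"], user_dn, username))

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(user_search(props, "jdoe"))
    print(group_search(props, "CN=Jane Doe (Ops),CN=Users,DC=Valyant,DC=local", "jdoe"))
```

Comparing the printed base DN and filter with what the directory server logs for a login attempt is a quick way to confirm that the base DN is not duplicated in a searchBase value.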

All Authorities Search

These entries populate roles that appear in the Admin tab. These should be similar or identical to the Populator entries.

| LDAP Property | Purpose | Example |
| --- | --- | --- |
| allAuthoritiesSearch.roleAttribute | The attribute used for role values | allAuthoritiesSearch.roleAttribute=cn |
| allAuthoritiesSearch.searchBase | Base for all roles searches | allAuthoritiesSearch.searchBase=ou=Pentaho |
| allAuthoritiesSearch.searchFilter | Filter for all roles searches. Active Directory requires that the objectClass value be set to group. | allAuthoritiesSearch.searchFilter=(objectClass=group) |

All User Name Search

These entries populate the users that appear on the Admin tab and can only be set manually in the /pentaho-solutions/system/applicationContext-security-ldap.properties file. These entities are not made available in the User Console.

| LDAP Property | Purpose | Example |
| --- | --- | --- |
| allUsernamesSearch.usernameAttribute | The attribute used for user values | allUsernamesSearch.usernameAttribute=sAMAccountName |
| allUsernamesSearch.searchBase | Base for "all users" searches | allUsernamesSearch.searchBase=CN=users |
| allUsernamesSearch.searchFilter | Filter for "all users" searches | allUsernamesSearch.searchFilter=objectClass=person |