Pentaho Documentation

Manual LDAP/JDBC Hybrid Configuration

You must have a working directory server with an established configuration, and a database containing your user roles before continuing.

It is possible to use a directory server for user authentication and a JDBC security table for role definitions. This is common in situations where LDAP roles cannot be redefined for BA Server use. Follow the instructions below to switch the BA Server's authentication back end from the Pentaho data access object to an LDAP/JDBC hybrid.

Note: Replace the pentahoAdmins and pentahoUsers references in the examples below with the appropriate roles from your LDAP configuration.
  1. Stop the BA Server and User Console.
  2. Open /pentaho-solutions/system/security.properties with a text editor.
  3. Add this value beneath the provider=ldap line, then save and close the file:
    role.provider=jdbc
  4. Open the /pentaho-solutions/system/pentahoObjects.spring.xml with a text editor.
  5. Find these code blocks and change the providerName to jdbc.
    <!-- Reference to a bean in one of the applicationContext-pentaho-security-*.xml; selected by configured provider-->
      <pen:bean id="activeUserRoleListService" class="org.pentaho.platform.api.engine.IUserRoleListService">
        <pen:attributes>
          <pen:attr key="providerName" value="${security.provider}"/>
        </pen:attributes>
      </pen:bean> 
    
  6. Open the /pentaho-solutions/system/applicationContext-spring-security-jdbc.properties file with a text editor and edit to show your database connection information. Save and close the file.
  7. Open /pentaho-solutions/system/applicationContext-pentaho-security-jdbc.xml. Find this code block and change Admin to an appropriate administrator role in your JDBC authentication database.
    <!-- map ldap role to pentaho security role -->
    <util:map id="jdbcRoleMap">
       <entry key="Admin" value="Administrator"/>
    </util:map>
    
  8. Open the /pentaho-solutions/system/applicationContext-springsecurity-ldap.xml file and replace the populator bean definition with this one.
    <bean id="populator" class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
      <constructor-arg ref="jdbcUserDetailsService" />
    </bean>
    
  9. Delete the /tomcat/work/ and /tomcat/temp/ directories.
  10. Start the BA Server and User Console.
  11. Log into the User Console.
  12. Configure the Pentaho LDAP connection as explained in LDAP Properties.
The BA Server is configured to authenticate users against your directory server.
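
The following check is an added example, not part of the Pentaho documentation: a Python sketch that confirms the edits from steps 3 and 8 took effect, so that roles are read from the JDBC table rather than silently staying on LDAP. The function names and the sample inputs are assumptions constructed for illustration; point it at the contents of your own security.properties and LDAP context file.

```python
import xml.etree.ElementTree as ET

POPULATOR_CLASS = ("org.springframework.security.ldap.populator."
                   "UserDetailsServiceLdapAuthoritiesPopulator")

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def local(tag):
    """Strip an XML namespace so beans match with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_hybrid(security_properties, ldap_context_xml):
    """Return a list of problems; an empty list means steps 3 and 8 look applied."""
    problems = []
    props = parse_properties(security_properties)
    if props.get("provider") != "ldap":
        problems.append("provider is not ldap")
    if props.get("role.provider") != "jdbc":
        problems.append("role.provider is not jdbc")
    root = ET.fromstring(ldap_context_xml)
    beans = [b for b in root.iter()
             if local(b.tag) == "bean" and b.get("id") == "populator"]
    if len(beans) != 1:
        return problems + ["expected exactly one populator bean"]
    bean = beans[0]
    # A class name wrapped across lines parses with whitespace inside it.
    if bean.get("class") != POPULATOR_CLASS:
        problems.append("populator class is wrong or line-wrapped")
    refs = [c.get("ref") for c in bean if local(c.tag) == "constructor-arg"]
    if refs != ["jdbcUserDetailsService"]:
        problems.append("populator does not reference jdbcUserDetailsService")
    return problems

# Constructed sample inputs (not taken from a real installation).
GOOD_PROPS = "provider=ldap\nrole.provider=jdbc\n"
BAD_PROPS = "provider=ldap\n"  # step 3 was skipped
GOOD_XML = ('<beans xmlns="http://www.springframework.org/schema/beans">'
            '<bean id="populator" class="%s">'
            '<constructor-arg ref="jdbcUserDetailsService"/></bean></beans>'
            % POPULATOR_CLASS)
BAD_XML = GOOD_XML.replace("security.ldap", "security.\n    ldap")
```

Run the check after step 8 and before restarting the server in step 10; a non-empty result names the step that needs to be redone.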