Pentaho Documentation

LDAP Roles Are Not "Admin" and "Authenticated"

You must not use Admin and Authenticated as role names in your LDAP. Instead, configure your system to use pentahoAdmins and pentahoUsers, or other easily identifiable role names. Edit /pentaho-solutions/system/applicationContext-spring-security.xml. At the bottom of this file, you will find a number of lines that look like this: \A/docs/.*\Z=Anonymous,Authenticated.

These are the URL security entries. Each one is a regular expression that is matched against the path in the browser's URL, and the user must be a member of a listed role to gain access. In the example above, both Anonymous and Authenticated get access. Use pentahoUsers in place of Authenticated by entering \A/docs/.*\Z=Anonymous,pentahoUsers. In every entry that shows Authenticated, replace it with pentahoUsers or your chosen name. Replace Admin with pentahoAdmins or your chosen name. The change from Authenticated to pentahoUsers can be applied to all occurrences. For Admin to pentahoAdmins you need to be a little more careful, because in some entries the URL pattern also contains admin, which stays as it is. After the change, such an entry looks like this: \A/admin.*\Z=pentahoAdmins.
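The rename described above, as an added example that is not part of the Pentaho documentation: it changes role names only to the right of the `=` and only on exact matches, so the `/admin` URL pattern is never touched, and it reports any entry that still grants an old role. It assumes entries have the `\A...\Z=role,role` form shown above; the function names and the `AdminAuditors` sample entry are constructed for illustration.

```python
import re

# Role renames from the page; substitute your own chosen names.
ROLE_MAP = {"Authenticated": "pentahoUsers", "Admin": "pentahoAdmins"}

# A URL-security entry as shown on the page: \A<path regex>\Z=<role>,<role>
ENTRY = re.compile(r"^(\s*\\A.*\\Z=)(.*?)(\s*)$")

# Sample input: the first two entries appear on the page, the third is constructed
# to show that a role merely containing "Admin" is not rewritten.
SAMPLE = "\n".join([
    r"\A/docs/.*\Z=Anonymous,Authenticated",
    r"\A/admin.*\Z=Admin",
    r"\A/custom/.*\Z=AdminAuditors",
])


def rewrite_line(line, role_map=ROLE_MAP):
    """Rename roles to the right of '=' only; the URL pattern is left alone."""
    m = ENTRY.match(line)
    if not m:
        return line  # not a URL-security entry: return it unchanged
    prefix, roles, tail = m.groups()
    renamed = [role_map.get(r.strip(), r.strip()) for r in roles.split(",")]
    return prefix + ",".join(renamed) + tail


def rewrite_entries(text, role_map=ROLE_MAP):
    """Apply the rename to every line of the file content."""
    return "\n".join(rewrite_line(line, role_map) for line in text.split("\n"))


def leftover_roles(text, role_map=ROLE_MAP):
    """Return the entries that still grant access to an old role name."""
    hits = []
    for line in text.split("\n"):
        m = ENTRY.match(line)
        if m and any(r.strip() in role_map for r in m.group(2).split(",")):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    print(rewrite_entries(SAMPLE))
    print("still using old roles:", leftover_roles(rewrite_entries(SAMPLE)))
```

Running `leftover_roles` on the edited file content before restarting the server is a quick check that no entry still references a role your LDAP no longer supplies.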

Edit the /pentaho-solutions/system/repository.spring.xml file and change:

<bean id="singleTenantAuthenticatedAuthorityName" class="java.lang.String">
    <constructor-arg value="Authenticated" />
</bean>

to:

<bean id="singleTenantAuthenticatedAuthorityName" class="java.lang.String">
    <constructor-arg value="pentahoUsers" />
</bean>

and:

<bean id="singleTenantAdminAuthorityName" class="java.lang.String">
    <constructor-arg value="Admin" />
</bean>

to:

<bean id="singleTenantAdminAuthorityName" class="java.lang.String">
    <constructor-arg value="pentahoAdmins" />
</bean>