Skip to main content
Pentaho Documentation

Enable Extra LDAP Security Logging

If you need yet more LDAP-related security details in pentaho.log, or if you are specifically having difficulty with LDAP authentication configuration, follow the below process to set up verbose logging.

These instructions are for testing and pre-production only. User names and passwords will be displayed in the log file in plain text.

  1. Stop the BA Server.
  2. Go to the /pentaho/server/biserver-ee/pentaho-solutions/system directory and open the applicationContext-spring-security-ldap.xml file with a text editor.
  3. Locate the bean declaration for DefaultLdapAuthenticationProvider and replace the constructor-arg bean with the new bean as shown below.
    Old Bean:
    <constructor-arg>
    <ref bean="authenticator" />
    </constructor-arg>
    
    New Bean:
    <constructor-arg>
    <ref bean="ldapAuthenticatorProxy" />
    </constructor-arg>
    
  4. In the same directory, locate and open the pentaho-spring-beans.xml file.
  5. Add the following import line to the list of files:
    <import resource="applicationContext-logging.xml" />
    
  6. Save and close the file.
  7. Locate the /biserver-ee/tomcat/webapps/pentaho/WEB-INF/classes directory and open the log4j.xml file with any text editor.
  8. Add this category to the log4j.xml file.
    <category name="org.springframework.security.providers">
    <priority value="DEBUG"/>
    </category>
    
  9. Save and close the file, then start the BA Server.

You will now have verbose LDAP-specific log messages in pentaho.log that include login credentials for every user that tries to log in.