Skip to main content
Pentaho Documentation

Manual LDAP Configuration

You must have a working directory server with an established configuration before continuing.

Follow the instructions below to manually switch from Pentaho default security to LDAP security.

  1. Stop the BA Server and User Console.
  2. Change the securities.properties file located at /pentaho-solutions/system folder from provider=jackrabbit to provider=ldap .
  3. Save and close the file, then edit the /pentaho-solutions/system/applicationContext-security-ldap.properties file and modify the localhost and password to match your configuration.

     

    contextSource.providerUrl=ldap\://localhost\:10389/ou\=system
    

     

    contextSource.password=secret
  4. Save and close the file, then edit the /pentaho-solutions/system/data-access/settings.xml file and modify the settings to match your LDAP configuration. Find and replace the entries for Administrator in the examples below with the correct administrator name for your LDAP configuration.
    <!– roles with data access permissions –>
    <data-access-roles>Administrator</data-access-roles>
    <!– users with data access permissions –>
    <!–
    <data-access-users></data-access-users>
    –>
    <!– roles with datasource view permissions –>
    <data-access-view-roles>Authenticated,Administrator</data-access-view-roles>
    <!– users with datasource view permissions –>
    <!– <data-access-view-users>suzy</data-access-view-users> –>
    <!– default view acls for user or role –>
    <data-access-default-view-acls>31</data-access-default-view-acls>
  5. Save and close the file, then edit the following files in the /pentaho/server/biserver-ee/pentaho-solutions/system/ directory and change all instances of the Administrator and Authenticated role values to match the appropriate roles in your LDAP configuration:
    • pentaho.xml
    • repository.spring.properties
    • applicationContext-spring-security.xml
  6. Delete these two folders from the /pentaho/server/biserver-ee/pentaho-solutions/system/jackrabbit/repository directory:
    • repository
    • workspaces
  7. Restart the BA Server and test the LDAP functionality.
The BA Server is now configured to authenticate users against your directory server. The LDAP Properties reference article contains supplemental information for LDAP values.