Pentaho Documentation

Manual LDAP Configuration

 

You must have a working LDAP server with an established configuration before continuing. Follow the instructions below to manually switch from Pentaho default security to LDAP security.

  1. Stop the Pentaho Server.
  2. Edit the securities.properties file located in the /pentaho-solutions/system folder and change provider=jackrabbit to provider=ldap. Save and close the file.
  3. Edit the /pentaho-solutions/system/applicationContext-security-ldap.properties file and modify the settings to match your LDAP configuration:
    userSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
    allAuthoritiesSearch.roleAttribute=cn
    allAuthoritiesSearch.searchBase=OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
    userSearch.searchFilter=(sAMAccountName\={0})
    allUsernamesSearch.searchFilter=objectClass\=Person
    allAuthoritiesSearch.searchFilter=(objectClass\=group)
    providerType=ldapCustomConfiguration
    contextSource.userDn=youradminUser@YourDomaincustomercare.com
    populator.rolePrefix=
    allUsernamesSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
    adminUser=CN\=YourAdminUserDN,OU\=OrlandoFL,OU\=NAMER,OU\=Support,OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
    adminRole=CN\=YourAdminRole,OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
    populator.groupSearchBase=OU\=YourDomainCustomerCareGroups,DC\=YourDomainCustomerCare,DC\=com
    populator.convertToUpperCase=false
    populator.searchSubtree=false
    allUsernamesSearch.usernameAttribute=sAMAccountName
    populator.groupRoleAttribute=cn
    contextSource.providerUrl=ldap\://10.100.7.17\:389
    contextSource.password=********
    populator.groupSearchFilter=(member\={0})
    
  4. Save and close the file.
  5. Edit the /pentaho/server/pentaho-server/pentaho-solutions/system/repository.spring.properties file. In the line singleTenantAdminUserName=admin, replace “admin” with the value of the adminUser’s sAMAccountName as defined in the applicationContext-security-ldap.properties file. When complete, save and close the file.
  6. Delete the following directory: /pentaho/server/pentaho-server/pentaho-solutions/system/jackrabbit/repository

     Do not delete the repository.xml file, which is also located in the following directory: /pentaho-server/pentaho-solutions/system/jackrabbit

  7. You may be using monitoring functions on your Pentaho Server, such as SNMP. Whether you are using monitoring or not, you will need to perform the following configuration file changes:

     If you are using monitoring, do the following:

       1. Open the /pentaho-server/pentaho-solutions/system/karaf/etc/pentaho.jms.cfg and change the userName and password to match the values defined in Step 5.

     If you are not using monitoring, do the following:

       1. Open the pentaho-solutions/system/karaf/etc/org.apache.karaf.features.cfg, and find and remove the following line:
          pentaho-monitoring-to-snmp,pentaho-monitoring-jms-broker,
       2. Save and close the pentaho-solutions/system/karaf/etc/org.apache.karaf.features.cfg file.
       3. Delete the contents of the pentaho-solutions/system/karaf/caches/default/* folder/folders.

  8. Restart the Pentaho Server and test the LDAP functionality.

The Pentaho Server is now configured to authenticate users against your directory server. The LDAP Properties reference article contains supplemental information for LDAP values.
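
A check that can be run on the applicationContext-security-ldap.properties file before restarting the server, as an added example that is not part of the Pentaho documentation: it parses the escaped key=value lines and flags a cleartext ldap:// provider URL, search filters without the {0} placeholder, empty required keys, and leftover template values. The REQUIRED list and the sample input are assumptions constructed from the keys shown in the procedure above.

```python
import re

# Constructed sample: a subset of the keys from the procedure, with its template values.
SAMPLE = r"""
userSearch.searchBase=OU\=YourDomainCustomerCareUsers,DC\=YourDomainCustomerCare,DC\=com
userSearch.searchFilter=(sAMAccountName\={0})
populator.groupSearchFilter=(member\={0})
contextSource.providerUrl=ldap\://10.100.7.17\:389
contextSource.userDn=youradminUser@YourDomaincustomercare.com
contextSource.password=********
"""

# Assumption: the keys this check treats as mandatory (not an official list).
REQUIRED = ("userSearch.searchBase", "userSearch.searchFilter",
            "populator.groupSearchFilter", "contextSource.providerUrl",
            "contextSource.userDn", "contextSource.password")
FILTERS = ("userSearch.searchFilter", "populator.groupSearchFilter")

def parse_properties(text):
    """Parse single-line key=value entries, undoing backslash escapes such as \\= and \\:."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # The key ends at the first unescaped '=' or ':'; spaces around it are ignored.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value
    return props

def audit(props):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = [f"{k}: missing or empty" for k in REQUIRED if not props.get(k)]
    if props.get("contextSource.providerUrl", "").lower().startswith("ldap://"):
        findings.append("contextSource.providerUrl: ldap:// carries the bind password unencrypted")
    for k in FILTERS:
        if props.get(k) and "{0}" not in props[k]:
            findings.append(f"{k}: no {{0}} placeholder, so the filter ignores the login")
    for k, v in props.items():
        if re.search(r"your(domain|admin)", v, re.I):
            findings.append(f"{k}: template placeholder still present")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING", finding)
```

The parser covers only single-line entries; continuation lines and \uXXXX escapes are not handled.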