Situation:
Untouched 5.1.0.752 BI-SERVER CE Installation
AD running on Windows 2008 server
Windows 7 Pro (bi-server)
Caveat: This is just what I experienced. Different situations will doubtlessly create different problems.
Caveat #2: This is for admins who want to keep their repository on jackrabbit and perform authorization with ldap.
Steps:
1. Log in to the server as admin/password.
2. Create a user which duplicates the sAMAccountName user on the AD server who is part of the pentaho admin group you've presumably set up. Give them full administrator privileges. For the rest of the post I'll refer to them as newAdmin.
3. Log out.
4. Shut down the server.
5. Modify the first two lines of /bi-server/pentaho-solutions/system/repository-spring.properties as so:
singleTenantAdminDefaultUserName=newAdmin
singleTenantAdminUserName=newAdmin
6. Restart the server. Log in as newAdmin. See that things work.
7. OPTIONAL: Delete the admin, suzy, tiffany, etc. users. This ensures less confusion.
8. Shut down the server.
9. Edit /bi-server/pentaho-solutions/system/applicationContext-security-ldap.properties
10. This is the hard part: you need to ensure everything is good. Here is my config.
Guaranteed this is not going to work for you. I suggest getting an ldap tool to explore your network AD repository
Code:
contextSource.providerUrl=ldap\://<servername>\:389
contextSource.userDn=newadmin@<subdomain>.<domain, usually local>
contextSource.password=password
userSearch.searchBase=DC=<subdomain>,DC=<domain, usually local>
userSearch.searchFilter=(sAMAccountName={0})
populator.convertToUpperCase=false
populator.groupRoleAttribute=cn
populator.groupSearchBase=ou=Reporting,ou=Security Groups,DC=cortera,DC=local
populator.groupSearchFilter=(member=\{0\})
populator.rolePrefix=
populator.searchSubtree=true
allAuthoritiesSearch.roleAttribute=cn
allAuthoritiesSearch.searchBase=ou=Reporting,ou=Security Groups,DC=<subdomain>,DC=<domain, usually local>
allAuthoritiesSearch.searchFilter=(objectClass=group)
allUsernamesSearch.usernameAttribute=sAMAccountName
allUsernamesSearch.searchBase=dc=<subdomain>,dc=<domain usually local>
allUsernamesSearch.searchFilter=(samAccountType=805306368)
adminRole=cn=RPT_ADMIN,ou=Reporting,ou=Security Groups,dc=<subdomain>,dc=<domain, usually local>
adminUser=cn=newAdmin,cn=Users,dc=<subdomain>,dc=<domain, usually local>
and you can refer to these:
http://www.selfadsi.org/extended-ad/...r-accounts.htm some info on ad
https://confluence.atlassian.com/dis...search+filters about atlassian but good stuff
http://www.ldapadministrator.com/ a good windows based LDAP explorer.
http://www.joeware.net/freetools/tools/adfind/index.htm windows command line explorer, accepts the filters you'll need to use with applicationContext-security-ldap.properties above
FINALLY: Edit /bi-server/pentaho-solutions/system/security.properties such that it looks like this:
#provider=jackrabbit
provider=ldap
That's literally all you have to do. IF your ldap properties file is set up properly you should be able to restart the server and log in as newAdmin.
If it doesn't work, you are going to have to get a deeper understanding of ldap or ask one of your IT guys for help.
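
A small pre-flight check for the LDAP properties file edited in step 9, added here as an example and not part of the original post: it un-escapes the values, renders the search filters so they can be tried in an LDAP explorer such as the ones linked above, and flags a cleartext ldap:// URL or a placeholder bind password. The sample host and domain are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the post's file; host and domain are placeholders.
SAMPLE = r"""
contextSource.providerUrl=ldap\://dc01.example.local\:389
contextSource.userDn=newadmin@example.local
contextSource.password=password
userSearch.searchFilter=(sAMAccountName={0})
populator.groupSearchFilter=(member=\{0\})
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, backslash escapes reduced
    to the escaped character (no unicode escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render_filter(template, value):
    """Fill {0} with an escaped value, giving a filter to test in an LDAP tool."""
    return template.replace("{0}", escape_filter_value(value))

def review(props):
    """Return findings worth fixing before switching to provider=ldap."""
    findings = []
    if props.get("contextSource.providerUrl", "").lower().startswith("ldap://"):
        findings.append("providerUrl is ldap:// (no TLS unless StartTLS is configured)")
    if props.get("contextSource.password", "") in ("", "password"):
        findings.append("contextSource.password is empty or a placeholder")
    for key in ("userSearch.searchFilter", "populator.groupSearchFilter"):
        if "{0}" not in props.get(key, ""):
            findings.append(key + " has no {0} placeholder")
    return findings

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(render_filter(props["userSearch.searchFilter"], "newAdmin"))
    for finding in review(props):
        print("WARN:", finding)
```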