Configure Pentaho Business Analytics for LDAP Authentication
SERVERS
In order to learn how to setup the Pentaho Business Analytics suite to use LDAP authentication I put together the following virtual machines:
- CentOS 6.6 Linux – running Pentaho Business Analytics suite (automatic, GUI install)
- CentOS 7 Linux – running Apache Directory Service LDAP server (http://directory.apache.org)
- Apache Directory Studio (http://directory.apache.org/studio/) installed on both the ApacheDS server and on the Windows 7 host machine
For my own benefit as much as anything at this point I’d like to point out that I have a couple of configuration issues with the Pentaho BA server start-up: currently I have to manually start PostgreSQL and restart the BA server. These are the commands I use to do this:
Make sure I’m in my Pentaho installation directory:
$ pwd
/home/pentaho/Pentaho
$ ./ctlscript.sh start postgresql
$ ./ctlscript.sh restart baserver
The ApacheDS service is also started manually – at this point I’m not sure why the /etc/init.d script doesn’t automatically start it… The command used is:
$ sudo /etc/init.d/apacheds-2.0.0_M19-default start
To confirm ApacheDS is running on, and on which port (documentation suggests both 10389 and 389 for non-SSL connections)
$ netstat -a | grep 389
The ApacheDS server firewall configuration required that I change the Permanent configuration for Services and add the 10389 (TCP) port manually.
CONFIGURING LDAP
Using the Apache Directory Studio software installed locally on the Windows host machine here’s how I connected to the ApacheDS server – click on the “New Connection…” button in the Connections window:
Next, on the Authentication tab, I entered the default Bind details. The default password is “secret”. All other details were left at their default settings. Details on how to change the default password can be found here: ApacheDS – changing the default password
Using instructions I found here: LDAP – Apache Directory Studio: A Basic Tutorial I configured the following entries:
CONFIGURING PENTAHO
Then, from the Pentaho BA suite web login page, I configured and tested the LDAP authentication settings. Here follow screenshots of these settings – there is some overlap in some of the images…
Then, finally, you’re able to log into the Pentaho Business Analytics web interface using an LDAP authenticated user:
UPDATE: I needed to set up a new environment like this and using the same settings I’ve found that entering the UID – in this case ‘npond’ – the login doesn’t work. But, if I enter my CN ‘Nigel Pond’ it works…