Hitachi Vantara Pentaho Community Wiki
Child pages
  • Using LDAP and JDBC Simultaneously 2.x-3.0.x
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Note: There are related HOWTOs: Changing to the LDAP Security DAO and Changing to the JDBC Security DAO.


Is it possible to authenticate via LDAP then fetch roles from a relational database? Yes! To accomplish this, make the following changes.


  1. Edit pentaho-spring-beans.xml to use a combination of LDAP and JDBC configuration files.
      <!-- some lines omitted -->
      <import resource="applicationContext-spring-security.xml" />
      <import resource="applicationContext-common-authorization.xml" />
      <import resource="applicationContext-spring-security-ldap.xml" />
      <import resource="applicationContext-pentaho-security-jdbc.xml" />
  2. Open applicationContext-spring-security-ldap.xml. Replace the populator bean definition with the one below.
    <bean id="populator"
      <constructor-arg index="0">
        <ref bean="userDetailsService" />
  3. Staying in the same file, remove the userDetailsService bean. (We're removing it to replace it later with the JDBC-based UserDetailsService implementation: JdbcDaoImpl.)
    <!-- removed userDetailsService bean -->
  4. Open applicationContext-pentaho-security-jdbc.xml. Add the following two bean definitions. Both of these bean definitions were copied from applicationContext-spring-security-jdbc.xml. (One is the JDBC-based UserDetailsService implementation; the other is a bean required by that implementation.)
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <property name="driverClassName" value="org.hsqldb.jdbcDriver" />
      <property name="url" value="jdbc:hsqldb:hsql://localhost:9002/userdb" />
      <property name="username" value="sa" />
      <property name="password" value="" />
    <bean id="userDetailsService" class="">
      <property name="dataSource">
        <ref local="dataSource" />
      <property name="authoritiesByUsernameQuery">
          <![CDATA[SELECT username, authority FROM granted_authorities WHERE username = ?]]>
      <property name="usersByUsernameQuery">
          <![CDATA[SELECT username, password, enabled FROM users WHERE username = ?]]>
  • No labels