Hitachi Vantara Pentaho Community Wiki
Using LDAP and JDBC Simultaneously

Note: There are related HOWTOs: Changing to the LDAP Security DAO and Changing to the JDBC Security DAO.


Is it possible to authenticate via LDAP then fetch roles from a relational database? Yes! To accomplish this, make the following changes.


  1. Install the attached JAR file in the same directory as acegi-security-1.x.x.jar (e.g. pentaho.war/WEB-INF/lib). (This JAR contains a single class, detailed in SEC-456.)
  2. Edit pentaho-spring-beans.xml to use a combination of LDAP and JDBC configuration files.
      <!-- some lines omitted -->
      <import resource="applicationContext-acegi-security.xml" />
      <import resource="applicationContext-common-authorization.xml" />
      <import resource="applicationContext-acegi-security-ldap.xml" />
      <import resource="applicationContext-pentaho-security-jdbc.xml" />
  3. Open applicationContext-acegi-security-ldap.xml. Replace the populator bean definition with the one below. (This is the bean in the downloaded JAR.)
    <bean id="populator" class="org.acegisecurity.providers.ldap.populator.DaoLdapAuthoritiesPopulator">
      <property name="userDetailsService" ref="userDetailsService" />
      <property name="usernameAttribute" value="cn" />
    </bean>
  4. Staying in the same file, remove the userDetailsService bean. (We're removing it to replace it later with the JDBC-based UserDetailsService implementation: JdbcDaoImpl.)
    <!-- removed userDetailsService bean -->
  5. Open applicationContext-pentaho-security-jdbc.xml. Add the following two bean definitions. Both of these bean definitions were copied from applicationContext-acegi-security-jdbc.xml. (One is the JDBC-based UserDetailsService implementation; the other is a bean required by that implementation.)
    <!-- Connection settings as copied from applicationContext-acegi-security-jdbc.xml (HSQLDB, user "sa", empty password); change them to match your own database. -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <property name="driverClassName" value="org.hsqldb.jdbcDriver" />
      <property name="url" value="jdbc:hsqldb:hsql://localhost:9002/userdb" />
      <property name="username" value="sa" />
      <property name="password" value="" />
    </bean>
    <!-- JDBC-based UserDetailsService; the populator bean refers to it by this id. -->
    <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      <property name="dataSource">
        <ref local="dataSource" />
      </property>
      <property name="authoritiesByUsernameQuery">
        <value><![CDATA[SELECT username, authority FROM granted_authorities WHERE username = ?]]></value>
      </property>
      <property name="usersByUsernameQuery">
        <value><![CDATA[SELECT username, password, enabled FROM users WHERE username = ?]]></value>
      </property>
    </bean>


See SEC-456.
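
A consistency check for the result of steps 3 to 5, as an added example that is not part of the original page or of Pentaho's code. It parses constructed fragments of the two files and reports a populator whose userDetailsService reference does not resolve to JdbcDaoImpl, a bean id defined in more than one file, and a data source with an empty password. The function names and the DTD-style, namespace-free `<beans>` layout are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed fragments mirroring steps 3-5; not the shipped Pentaho files.
LDAP_XML = """<beans>
  <bean id="populator" class="org.acegisecurity.providers.ldap.populator.DaoLdapAuthoritiesPopulator">
    <property name="userDetailsService" ref="userDetailsService" />
  </bean>
</beans>"""
JDBC_XML = """<beans>
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="password" value="" />
  </bean>
  <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource"><ref local="dataSource" /></property>
  </bean>
</beans>"""
JDBC_DAO = "org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"

def ref_of(prop):
    """Bean id a <property> points at: ref="..." attribute or nested <ref>."""
    nested = prop.find("ref")
    if nested is not None:
        return nested.get("local") or nested.get("bean")
    return prop.get("ref")

def check_config(files):
    """files maps file name -> XML text, in import order. Returns findings."""
    findings, beans = [], {}
    for name, text in files.items():
        for bean in ET.fromstring(text).iter("bean"):
            bean_id = bean.get("id")
            if bean_id is None:  # anonymous inner bean, nothing to compare
                continue
            if bean_id in beans:  # a later definition overrides the earlier one
                findings.append(f"duplicate bean '{bean_id}': {beans[bean_id][0]} and {name}")
            beans[bean_id] = (name, bean)
    prop = None
    if "populator" in beans:
        prop = beans["populator"][1].find("property[@name='userDetailsService']")
    target = beans.get(ref_of(prop)) if prop is not None else None
    if target is None:
        findings.append("populator has no resolvable userDetailsService")
    elif target[1].get("class") != JDBC_DAO:
        findings.append(f"userDetailsService is {target[1].get('class')}, expected {JDBC_DAO}")
    for name, bean in beans.values():
        pw = bean.find("property[@name='password']")
        if pw is not None and pw.get("value") == "":
            findings.append(f"bean '{bean.get('id')}' in {name} has an empty password")
    return findings
```

Pass the contents of applicationContext-acegi-security-ldap.xml and applicationContext-pentaho-security-jdbc.xml in the order pentaho-spring-beans.xml imports them; an empty list means the three checks passed.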
