By default, the Pentaho BI Platform comes with Hibernate-based security data access object (DAO) enabled. Often, enterprises have an existing directory server accessible by LDAP. This page shows you how to switch to the "LDAP" DAO. The instructions below describe a sample LDAP directory using ApacheDS. LDAP browsers such as Apache Directory Studio or JXplorer can be used to browse the objects in your directory.
- Edit pentaho-spring-beans.xml
Change the Spring XML files to use the LDAP DAOs instead of the Hibernate ones. Open
pentaho-solutions/system/pentaho-spring-beans.xmland look for the following section:
- Start the directory
In Windows, just start the
Apachedsservice in the Services dialog. In Linux, the command might be as simple as
service apacheds start.
- Import the LDIF
The sample Spring XML files
applicationContext-pentaho-security-ldap.xmlassume the records below. If you already have an existing directory, or you wish to alter the sample LDIF files, you'll need to adjust the LDAP queries in the aforementioned Spring XML files. To make use of the sample LDIF file, use an LDAP browser, such as Apache Directory Studio or JXplorer, to import it. Note: You may or may not have success importing the LDIF file below. If you run into errors, manually create the records.
Note: The passwords in the LDIF above ('cGFzc3dvcmQ=') are equivalent to a hash of the word 'password.' Therefore, for authentication purposes, all the users above share the same password: 'password'.
Note: Be sure to leave a blank line at the end of this file. Otherwise, the last entry may not import correctly.
Note: The above LDIF assumes the following nodes already exist (as is the case with ApacheDS):
- The default LDAP configuration should work with the above LDIF. If you want to change the LDAP server host or anything else about the configuration, see Security Data Access Objects.
- Start the application server
Now that the directory is running and the LDIF has been imported, start the application server.
- Stop the directory
In Windows, just stop the
Apachedsin the Services dialog. In Linux, run
service apacheds stop.
Having problems? Check out the troubleshooting section.