
LDAP auth against MS Azure Active Directory?

paal_s Member Posts: 4 Contributor I
edited December 2018 in Help

Hi,

Just wondering if anyone has tried enabling LDAP and authenticating users towards Microsoft Azure Active Directory Services?

 

In the RM Server file 'local-security.properties' it requires a URL, username and password, but from my Azure AD admin panel it isn't obvious to me that it will work.

 

Before I start digging deeper, has anyone tried integrating these services previously? Would love to hear your thoughts!

 

Best,

P.

Answers

  • Edin_Klapic Employee, RMResearcher, Member Posts: 299 RM Data Scientist

    Hi @paal_s,

    Unfortunately I cannot help with MS Azure but here is a "working" configuration for Windows Active Directory.

     

    #
    # Properties for using LDAP authentication with RapidMiner Server
    #

    # enable or disable LDAP authentication
    ldap.enabled=true

    # provider url
    ldap.providerUrl=ldap://FIRST.DOMAIN.COM:3268 ldap://SECOND.DOMAIN.COM:3268

    # user/pass to access ldap
    ldap.user=CN=USER-ID,OU=Service Accounts,OU=Accounts,OU=Users,OU=ZZ PAM,DC=first,DC=domain,DC=com
    ldap.password=PASSWORD

    # search settings
    ldap.search.base=

    # example ldap.search.filter for OpenLDAP:
    # ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    # ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
    ldap.search.filter=(&(sAMAccountName={0}))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    # ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    # ldap.group.roleAttribute=distinguishedName
    ldap.group.roleAttribute=distinguishedName

    # user properties
    ldap.user.displayNameAttribute=displayName
    ldap.user.emailAttribute=mail

    # timeout in sec for cached authentications
    # the cache is used to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider
    ldap.cache.timeout=60

    Hope this helps somehow,

    Edin
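
Added example, not part of the original thread and not RapidMiner's own tooling: a small Python check that parses a `local-security.properties`-style file and flags the settings in a configuration like the one above that deserve review before production use (cleartext `ldap://` provider URLs, an empty search base, a filter with no `objectClass` clause, a bind password kept in the file). The function names and the sample text are constructed for illustration; only the `ldap.*` keys come from the posted configuration.

```python
import re

# Constructed sample that mirrors the keys shown in the answer above.
SAMPLE = """\
ldap.enabled=true
ldap.providerUrl=ldap://FIRST.DOMAIN.COM:3268 ldap://SECOND.DOMAIN.COM:3268
ldap.user=CN=USER-ID,OU=Service Accounts,DC=first,DC=domain,DC=com
ldap.password=PASSWORD
ldap.search.base=
ldap.search.filter=(&(sAMAccountName={0}))
ldap.cache.timeout=60
"""

def parse_properties(text):
    """Parse simple key=value lines; '#' comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: DNs and filters contain '='
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (key, finding) tuples for settings worth reviewing."""
    findings = []
    if props.get("ldap.enabled", "false").lower() != "true":
        return findings  # LDAP auth is off, nothing to check
    for url in props.get("ldap.providerUrl", "").split():
        m = re.match(r"(?i)(ldaps?)://([^:/]+)(?::(\d+))?", url)
        if not m:
            findings.append(("ldap.providerUrl", f"unparseable URL: {url}"))
        elif m.group(1).lower() == "ldap":
            findings.append(("ldap.providerUrl",
                f"{m.group(2)}: ldap:// scheme, cleartext unless StartTLS is negotiated"))
    if not props.get("ldap.search.base"):
        findings.append(("ldap.search.base", "empty base, search is not scoped to a subtree"))
    flt = props.get("ldap.search.filter", "")
    if "{0}" not in flt:
        findings.append(("ldap.search.filter", "no {0} placeholder for the login name"))
    elif "objectclass=" not in flt.lower():
        findings.append(("ldap.search.filter", "no objectClass clause, any entry type can match"))
    if props.get("ldap.password"):
        findings.append(("ldap.password", "bind password stored in file, restrict file permissions"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```
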
