Need help configuring LDAP Bind

msaville09msaville09 Member Posts: 2 Newbie
edited June 2019 in Help
Getting the following error in the server.log from the ldap bind account when attempting logon in the web page:

12:43:03,476 WARNING [de.rapidanalytics.web.security.RapidMinerLdapAuthenticationProvider] (http-/ Internal authentication service exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]. Continuing authentication with some other provider.
12:43:03,585 DEBUG [org.springframework.security.authentication.dao.DaoAuthenticationProvider] (http-/ User 'dataprep-tst' not found

I've confirmed the ldap.user string works with ldapsearch cli:

ldapsearch -H ldaps://us.lmco.com:3269 -x -w Password#1234 -D "CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com" -b "DC=us,DC=lmco,DC=com" "(&(objectClass=person)(samAccountName=dataprep-tst))" cn sAMAccountName userPrincipalName

I've tried several variations for the ldap.user using the DN, CN and UPN, which all work with ldapsearch, but not with the rapid server.  I'm using TLS on all connections, but I've confirmed the CA certs and JKS are all good.

Appreciate any suggestions.



  • Options
    msaville09msaville09 Member Posts: 2 Newbie
    here is the local-security.properties contents:

    # Properties for using LDAP authentication with RapidMiner Server

    # enable or disable LDAP authentication

    # provider url

    # user/pass to access ldap
    #ldap.user="Fc-EO, dataprep-tst"
    ldap.user="CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com"

    # search settings

    # example ldap.search.filter for OpenLDAP:
    #   ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    #   ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    #   ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    #   ldap.group.roleAttribute=distinguishedName

    # user properties

    # timeout in sec for cached authentications
    # the cache is used to to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider

    # Connection timeout in ms regarding how long RapidMiner Server should wait for the LDAP server to respond

  • Options
    MartinLiebigMartinLiebig Administrator, Moderator, Employee, RapidMiner Certified Analyst, RapidMiner Certified Expert, University Professor Posts: 3,520 RM Data Scientist
    please connect with our professional support at support.rapidminer.com

    - Sr. Director Data Solutions, Altair RapidMiner -
    Dortmund, Germany
Sign In or Register to comment.