RapidMiner 9.7 is Now Available

Lots of amazing new improvements including true version control! Learn more about what's new here.

CLICK HERE TO DOWNLOAD

Need help configuring LDAP Bind

msaville09msaville09 Member Posts: 2 Newbie
edited June 2019 in Help
Getting the following error in the server.log from the ldap bind account when attempting logon in the web page:

12:43:03,476 WARNING [de.rapidanalytics.web.security.RapidMinerLdapAuthenticationProvider] (http-/0.0.0.0:443-1) Internal authentication service exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]. Continuing authentication with some other provider.
12:43:03,585 DEBUG [org.springframework.security.authentication.dao.DaoAuthenticationProvider] (http-/0.0.0.0:443-1) User 'dataprep-tst' not found

I've confirmed the ldap.user string works with ldapsearch cli:

ldapsearch -H ldaps://us.lmco.com:3269 -x -w Password#1234 -D "CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com" -b "DC=us,DC=lmco,DC=com" "(&(objectClass=person)(samAccountName=dataprep-tst))" cn sAMAccountName userPrincipalName

I've tried several variations for the ldap.user using the DN, CN and UPN, which all work with ldapsearch, but not with the rapid server.  I'm using TLS on all connections, but I've confirmed the CA certs and JKS are all good.

Appreciate any suggestions.
MikeS





Tagged:

Answers

  • msaville09msaville09 Member Posts: 2 Newbie
    here is the local-security.properties contents:

    #
    # Properties for using LDAP authentication with RapidMiner Server
    #

    # enable or disable LDAP authentication
    ldap.enabled=true

    # provider url
    #ldap.providerUrl=ldaps://us.lmco.com:3269/DC=us,DC=lmco,DC=com
    ldap.providerUrl=ldaps://us.lmco.com:3269

    # user/pass to access ldap
    #ldap.user="dataprep-tst"
    #ldap.user="[email protected]"
    #ldap.user="Fc-EO, dataprep-tst"
    ldap.user="CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com"
    ldap.password="Password#1234"

    # search settings
    ldap.search.base="DC=us,DC=lmco,DC=com"

    # example ldap.search.filter for OpenLDAP:
    #   ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    #   ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
    #ldap.search.filter=(&(objectClass=person)(samAccountName=\${USER})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))
    ldap.search.filter=(&(objectClass=person)(samAccountName={0})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    #   ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    #   ldap.group.roleAttribute=distinguishedName
    ldap.group.roleAttribute=memberOf

    # user properties
    ldap.user.displayNameAttribute=displayName
    ldap.user.emailAttribute=mail

    # timeout in sec for cached authentications
    # the cache is used to to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider
    ldap.cache.timeout=60

    # Connection timeout in ms regarding how long RapidMiner Server should wait for the LDAP server to respond
    ldap.connection.timeout=10000



  • mschmitzmschmitz Administrator, Moderator, Employee, RapidMiner Certified Analyst, RapidMiner Certified Expert, University Professor Posts: 2,537  RM Data Scientist
    please connect with our professional support at support.rapidminer.com

    Best,
    Martin
    - Head of Data Science Services at RapidMiner -
    Dortmund, Germany
Sign In or Register to comment.