The Altair Community is migrating to a new platform to provide a better experience for you. In preparation for the migration, the Altair Community is on read-only mode from October 28 - November 6, 2024. Technical support via cases will continue to work as is. For any urgent requests from Students/Faculty members, please submit the form linked here

LDAP auth against MS Azure Active Directory?

paal_spaal_s Member Posts: 4 Contributor I
edited November 2018 in Help

Hi,

Just wondering if anyone has tried enabling LDAP and authenticating users towards Microsoft Azure Active Directory Services?

 

In the RM Server file 'local-security.properties' it requires a URL, username and password, but from my Azure AD admin panel it isn't obvious to me that it will work.

 

Before I start digging deeper, has anyone tried integrating these services previously? Would love to hear your thoughts!

 

Best,

P.

Tagged:

Answers

  • Edin_KlapicEdin_Klapic Employee-RapidMiner, RMResearcher, Member Posts: 299 RM Data Scientist

    Hi @paal_s,

    Unfortunately I cannot help with MS Azure but here is a "working" configuration for Windows Active Directory.

     

    #
    # Properties for using LDAP authentication with RapidMiner Server
    #

    # enable or disable LDAP authentication
    ldap.enabled=true

    # provider url
    ldap.providerUrl=ldap://FIRST.DOMAIN.COM:3268 ldap://SECOND.DOMAIN.COM:3268

    # user/pass to access ldap
    ldap.user=CN=USER-ID,OU=Service Accounts,OU=Accounts,OU=Users,OU=ZZ PAM,DC=first,DC=domain,DC=com
    ldap.password=PASSWORD

    # search settings
    ldap.search.base=

    # example ldap.search.filter for OpenLDAP:
    #   ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    #   ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
    ldap.search.filter=(&(sAMAccountName={0}))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    #   ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    #   ldap.search.filter=distinguishedName
    ldap.group.roleAttribute=distinguishedName

    # user properties
    ldap.user.displayNameAttribute=displayName
    ldap.user.emailAttribute=mail

    # timeout in sec for cached authentications
    # the cache is used to to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider
    ldap.cache.timeout=60

    Hope this helps somehow,

    Edin

Sign In or Register to comment.