The Altair Community is migrating to a new platform to provide a better experience for you. In preparation for the migration, the Altair Community is on read-only mode from October 28 - November 6, 2024. Technical support via cases will continue to work as is. For any urgent requests from Students/Faculty members, please submit the form linked here
Need help configuring LDAP Bind
msaville09
Member Posts: 2 
Learner I
Getting the following error in the server.log from the ldap bind account when attempting logon in the web page:
12:43:03,476 WARNING [de.rapidanalytics.web.security.RapidMinerLdapAuthenticationProvider] (http-/0.0.0.0:443-1) Internal authentication service exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]. Continuing authentication with some other provider.
12:43:03,585 DEBUG [org.springframework.security.authentication.dao.DaoAuthenticationProvider] (http-/0.0.0.0:443-1) User 'dataprep-tst' not found
I've confirmed the ldap.user string works with ldapsearch cli:
ldapsearch -H ldaps://us.lmco.com:3269 -x -w Password#1234 -D "CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com" -b "DC=us,DC=lmco,DC=com" "(&(objectClass=person)(samAccountName=dataprep-tst))" cn sAMAccountName userPrincipalName
I've tried several variations for the ldap.user using the DN, CN and UPN, which all work with ldapsearch, but not with the rapid server. I'm using TLS on all connections, but I've confirmed the CA certs and JKS are all good.
Appreciate any suggestions.
MikeS
Tagged:
0
Answers
# Properties for using LDAP authentication with RapidMiner Server
#
# enable or disable LDAP authentication
ldap.enabled=true
# provider url
#ldap.providerUrl=ldaps://us.lmco.com:3269/DC=us,DC=lmco,DC=com
ldap.providerUrl=ldaps://us.lmco.com:3269
# user/pass to access ldap
#ldap.user="dataprep-tst"
#ldap.user="dataprep-tst@us.lmco.com"
#ldap.user="Fc-EO, dataprep-tst"
ldap.user="CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com"
ldap.password="Password#1234"
# search settings
ldap.search.base="DC=us,DC=lmco,DC=com"
# example ldap.search.filter for OpenLDAP:
# ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
# example ldap.search.filter for Active Directory:
# ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
#ldap.search.filter=(&(objectClass=person)(samAccountName=\${USER})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))
ldap.search.filter=(&(objectClass=person)(samAccountName={0})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))
# group properties
# ldap.group.roleAttribute for OpenLDAP:
# ldap.group.roleAttribute=cn
# ldap.group.roleAttribute for Active Directory:
# ldap.group.roleAttribute=distinguishedName
ldap.group.roleAttribute=memberOf
# user properties
ldap.user.displayNameAttribute=displayName
ldap.user.emailAttribute=mail
# timeout in sec for cached authentications
# the cache is used to to relieve the authentication provider and
# to prevent multiple authentication requests from the same user in the defined timeframe
# change the value to 0 if the caching should be disabled and
# every request should be forwarded to the authentication provider
ldap.cache.timeout=60
# Connection timeout in ms regarding how long RapidMiner Server should wait for the LDAP server to respond
ldap.connection.timeout=10000
Dortmund, Germany