LDAP roles issues with Admin and Authenticated

You must not use Admin and Authenticated roles in your LDAP. Instead, you must configure your system to use pentahoAdmins and pentahoUsers or other easily identifiable role names.

Open /pentaho-solutions/system/applicationContext-spring-security.xml in a text editor. At the bottom of this file, you will find a number of entries that look like:

A/docs/.*Z=Anonymous,Authenticated

These are entries for URL security. They are regular expressions to match a path on the browser’s URL that require the user to be a member of the defined role to gain access. For this example, both Anonymous and Authenticated gain access.

We replace Authenticated with pentahoUsers by entering A/docs/.*Z=Anonymous,pentahoUsers. For all entries that show Authenticated, replace it with pentahoUsers or your chosen name. Replace Admin with pentahoAdmins or your chosen name.

For the change from Authenticated to pentahoUsers, replace all occurrences. For Admin to pentahoAdmins you need to be a little more careful because there are some entries that look like this: A/admin.*Z=pentahoAdmins.

Edit the /pentaho-solutions/system/repository.spring.xml file and make the following changes.

From:

<bean id="singleTenantAuthenticatedAuthorityName" class="java.lang.String">
    <constructor-arg value="Authenticated" />
   </bean>

To:

<bean id="singleTenantAuthenticatedAuthorityName" class="java.lang.String">
    <constructor-arg value="pentahoUsers" />
   </bean>

From:

<bean id="singleTenantAdminAuthorityName" class="java.lang.String">
    <constructor-arg value="Admin" />
   </bean>

To:

<bean id="singleTenantAdminAuthorityName" class="java.lang.String">
    <constructor-arg value="pentahoAdmins" />
   </bean>

PreviousLog output security analysis NextWith LDAP authentication, the PDI Repository Explorer is empty

Last updated 8 months ago

Was this helpful?