 Error "Access denied to this data" using LDAP authentication on Pentaho Server 9.4

Claudio Battaglino posted 06-20-2023 10:09

Hi,

I'm trying to activate LDAP authentication on Pentaho Server CE 9.4 with the manual configuration.

As suggested in the official guide, I've modified the following files:

  • security.properties
  • applicationContext-security-ldap.properties
  • repository.spring.properties

However, with this configuration only the user defined as Administrator can log in (the one specified in adminUser); when another user tries to log in, the following error is raised by the server:

13:41:44,172 ERROR [BackingRepositoryLifecycleManagerAuthenticationSuccessListener] Access denied to this data
org.springframework.security.access.AccessDeniedException: Access denied to this data
        at org.pentaho.platform.repository2.unified.jcr.sejcr.PentahoJcrTemplate.pentahoConvertJcrAccessException(PentahoJcrTemplate.java:133) ~[pentaho-platform-repository-9.4.0.0-343.jar:9.4.0.0-343]
        at org.pentaho.platform.repository2.unified.jcr.sejcr.PentahoJcrTemplate.execute(PentahoJcrTemplate.java:79) ~[pentaho-platform-repository-9.4.0.0-343.jar:9.4.0.0-343]
        at org.springframework.extensions.jcr.JcrTemplate.execute(JcrTemplate.java:115) ~[se-jcr-0.9.jar:?]
        at org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileDao.createFolder(JcrRepositoryFileDao.java:332) ~[pentaho-platform-repository-9.4.0.0-343.jar:9.4.0.0-343]

I think that the user is accepted by the LDAP server but Pentaho needs something else.

What could be the problem?

How can I debug this error?

The content of "applicationContext-security-ldap.properties" is:
contextSource.providerUrl=ldaps\://ldap.xxxx.org\:636
contextSource.userDn=CN\=Pentaho Svc,OU\=Servizi,OU\=SNSUsers,DC\=xxxx,DC\=org
contextSource.password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
providerType=ldapCustomConfiguration 

adminUser=CN\=Test Francesco,OU\=Team-XXXX,OU\=SNSUsers,DC\=xxxx,DC\=org
adminRole=CN\=votoadmin,OU\=SNSUsers,DC\=xxxx,DC\=org

userSearch.searchBase=OU\=SNSUsers,DC\=xxxx,DC\=org
userSearch.searchFilter=(userPrincipalName\={0})

allUsernamesSearch.usernameAttribute=userPrincipalName
allUsernamesSearch.searchBase=OU\=SNSUsers,DC\=xxxx,DC\=org
allUsernamesSearch.searchFilter=objectClass\=Person

allAuthoritiesSearch.roleAttribute=cn
allAuthoritiesSearch.searchBase=OU\=Team-XXXX,OU\=SNSUsers,DC\=xxxx,DC\=org
allAuthoritiesSearch.searchFilter=(objectClass\=organizationalUnit)

populator.convertToUpperCase=false
populator.groupRoleAttribute=cn
populator.groupSearchBase=OU\=Team-XXXX,OU\=SNSUsers,DC\=xxxx,DC\=org
populator.groupSearchFilter=(name\={0})
populator.rolePrefix=
populator.searchSubtree=false

The content of repository.spring.properties is:

singleTenantAdminDefaultUserName=admin
singleTenantAdminUserName=test.francesco@xxxx.it
singleTenantAdminDefaultAuthorityName=Administrator
singleTenantAdminAuthorityName=Administrator
repositoryAdminUsername=pentahoRepoAdmin
singleTenantAuthenticatedAuthorityName=Authenticated
singleTenantAnonymousAuthorityName=Anonymous
superAdminAuthorityName=SysAdmin
superAdminUserName=super
systemTenantAdminUserName=system
systemTenantAdminPassword=Encrypted xxxxxxxxxxxxxxxxxxxxxxx
cache-size=100
cache-ttl=300
versioningEnabled=false
versionCommentsEnabled=false 
useMultiByteEncoding=false

Thank you very much
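
As an added example (not part of the original post and not Pentaho code): a small script that parses the posted properties and renders the LDAP searches performed for one login, so each can be checked by hand against the directory. It assumes Spring Security's placeholder conventions ({0} is the login name in userSearch; in the populator {0} is the user's DN and {1} the login name); the login and DN used are constructed.

```python
import re

# Constructed sample: search-related keys copied from the post's
# applicationContext-security-ldap.properties (placeholders as posted).
SAMPLE = r"""
userSearch.searchBase=OU\=SNSUsers,DC\=xxxx,DC\=org
userSearch.searchFilter=(userPrincipalName\={0})
populator.groupSearchBase=OU\=Team-XXXX,OU\=SNSUsers,DC\=xxxx,DC\=org
populator.groupSearchFilter=(name\={0})
populator.searchSubtree=false
"""

def load_properties(text):
    """Parse key=value lines and undo backslash escapes (no \\uXXXX or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first unescaped '=' or ':'.
        m = re.match(r"((?:\\.|[^=:\\])+)\s*[=:]\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            props[key.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name or DN cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_searches(props, login, user_dn):
    """Return {search: (base, scope, filter)} for one login attempt."""
    def fill(template, *args):
        return re.sub(r"\{(\d)\}",
                      lambda m: escape_filter_value(args[int(m.group(1))]), template)
    # Assumption: userSearch is subtree-scoped (Spring Security default);
    # the populator is one-level unless searchSubtree=true.
    scope = "sub" if props.get("populator.searchSubtree") == "true" else "one"
    return {
        "userSearch": (props["userSearch.searchBase"], "sub",
                       fill(props["userSearch.searchFilter"], login)),
        "populator": (props["populator.groupSearchBase"], scope,
                      fill(props["populator.groupSearchFilter"], user_dn, login)),
    }

if __name__ == "__main__":
    dn = "CN=Mario Rossi,OU=Team-XXXX,OU=SNSUsers,DC=xxxx,DC=org"  # constructed
    for name, (base, scope, flt) in effective_searches(
            load_properties(SAMPLE), "mario.rossi@xxxx.it", dn).items():
        print(f"{name}: base={base!r} scope={scope} filter={flt}")
```

Each printed base, scope and filter can be passed to ldapsearch (`-b`, `-s`, and the filter argument) bound as the service account to see which entries the directory returns for a non-admin user.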