Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

Note: There are related HOWTOs: Changing to the LDAP Security DAO and Changing to the JDBC Security DAO.

Overview

Is it possible to authenticate via LDAP then fetch roles from a relational database? Yes! To accomplish this, make the following changes.

Steps

  1. Install the PentahoDoc:attached JAR file in the same directory as acegi-security-1.x.x.jar (e.g. pentaho.war/WEB-INF/lib). (This JAR contains a single class, detailed in SEC-456.)
  2. Edit pentaho-spring-beans.xml to use a combination of LDAP and JDBC configuration files.
    Code Block
    xml
    xml
    titlepentaho-spring-beans.xml
    <beans>
      <!-- some lines omitted -->
      <import resource="applicationContext-acegi-security.xml" />
      <import resource="applicationContext-common-authorization.xml" />
      <import resource="applicationContext-acegi-security-ldap.xml" />
      <import resource="applicationContext-pentaho-security-jdbc.xml" />
    </beans>
    
  3. Open applicationContext-acegi-security-ldap.xml. Replace the populator bean definition with the one below. (This is the bean in the downloaded JAR.)
    Code Block
    xml
    xml
    titleapplicationContext-acegi-security-ldap.xml
    <bean id="populator" class="org.acegisecurity.providers.ldap.populator.DaoLdapAuthoritiesPopulator">
      <property name="userDetailsService" ref="userDetailsService" />
      <property name="usernameAttribute" value="cn" />
    </bean>
    
  4. Staying in the same file, remove the userDetailsService bean. (We're removing it to replace it later with the JDBC-based UserDetailsService implementation: JdbcDaoImpl.)
    Code Block
    xml
    xml
    titleapplicationContext-acegi-security-ldap.xml
    <!-- removed userDetailsService bean -->
    
  5. Open applicationContext-pentaho-security-jdbc.xml. Add the following two bean definitions. Both of these bean definitions were copied from applicationContext-acegi-security-jdbc.xml. (One is the JDBC-based UserDetailsService implementation; the other is a bean required by that implementation.)
    Code Block
    xml
    xml
    titleapplicationContext-pentaho-security-jdbc.xml
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <property name="driverClassName" value="org.hsqldb.jdbcDriver" />
      <property name="url" value="jdbc:hsqldb:hsql://localhost:9002/userdb" />
      <property name="username" value="sa" />
      <property name="password" value="" />
    </bean>
    
    <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      <property name="dataSource">
        <ref local="dataSource" />
      </property>
      <property name="authoritiesByUsernameQuery">
        <value>
          <![CDATA[SELECT username, authority FROM granted_authorities WHERE username = ?]]>
        </value>
      </property>
      <property name="usersByUsernameQuery">
        <value>
          <![CDATA[SELECT username, password, enabled FROM users WHERE username = ?]]>
        </value>
      </property>
    </bean>
    

References

See SEC-456.