Need help configuring LDAP Bind

msaville09
msaville09 New Altair Community Member
edited November 5 in Community Q&A
Getting the following error in the server.log from the ldap bind account when attempting logon in the web page:

12:43:03,476 WARNING [de.rapidanalytics.web.security.RapidMinerLdapAuthenticationProvider] (http-/0.0.0.0:443-1) Internal authentication service exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]. Continuing authentication with some other provider.
12:43:03,585 DEBUG [org.springframework.security.authentication.dao.DaoAuthenticationProvider] (http-/0.0.0.0:443-1) User 'dataprep-tst' not found

I've confirmed the ldap.user string works with ldapsearch cli:

ldapsearch -H ldaps://us.lmco.com:3269 -x -w Password#1234 -D "CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com" -b "DC=us,DC=lmco,DC=com" "(&(objectClass=person)(samAccountName=dataprep-tst))" cn sAMAccountName userPrincipalName

I've tried several variations for the ldap.user using the DN, CN and UPN, which all work with ldapsearch, but not with the rapid server.  I'm using TLS on all connections, but I've confirmed the CA certs and JKS are all good.

Appreciate any suggestions.
MikeS





Tagged:

Answers

  • msaville09
    msaville09 New Altair Community Member
    here is the local-security.properties contents:

    #
    # Properties for using LDAP authentication with RapidMiner Server
    #

    # enable or disable LDAP authentication
    ldap.enabled=true

    # provider url
    #ldap.providerUrl=ldaps://us.lmco.com:3269/DC=us,DC=lmco,DC=com
    ldap.providerUrl=ldaps://us.lmco.com:3269

    # user/pass to access ldap
    #ldap.user="dataprep-tst"
    #ldap.user="dataprep-tst@us.lmco.com"
    #ldap.user="Fc-EO, dataprep-tst"
    ldap.user="CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com"
    ldap.password="Password#1234"

    # search settings
    ldap.search.base="DC=us,DC=lmco,DC=com"

    # example ldap.search.filter for OpenLDAP:
    #   ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    #   ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
    #ldap.search.filter=(&(objectClass=person)(samAccountName=\${USER})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))
    ldap.search.filter=(&(objectClass=person)(samAccountName={0})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    #   ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    #   ldap.group.roleAttribute=distinguishedName
    ldap.group.roleAttribute=memberOf

    # user properties
    ldap.user.displayNameAttribute=displayName
    ldap.user.emailAttribute=mail

    # timeout in sec for cached authentications
    # the cache is used to to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider
    ldap.cache.timeout=60

    # Connection timeout in ms regarding how long RapidMiner Server should wait for the LDAP server to respond
    ldap.connection.timeout=10000



  • MartinLiebig
    MartinLiebig
    Altair Employee
    please connect with our professional support at support.rapidminer.com

    Best,
    Martin

Categories