Need help configuring LDAP Bind

msaville09msaville09 MemberPosts:2Newbie
edited June 2019 inHelp
Getting the following error in the server.log from the ldap bind account when attempting logon in the web page:

12:43:03,476 WARNING [de.rapidanalytics.web.security.RapidMinerLdapAuthenticationProvider] (http-/0.0.0.0:443-1) Internal authentication service exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]. Continuing authentication with some other provider.
12:43:03,585调试(org.springframework.security.authentication.dao.DaoAuthenticationProvider] (http-/0.0.0.0:443-1) User 'dataprep-tst' not found

I've confirmed the ldap.user string works with ldapsearch cli:

ldapsearch -H ldaps://us.lmco.com:3269 -x -w Password#1234 -D "CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com" -b "DC=us,DC=lmco,DC=com" "(&(objectClass=person)(samAccountName=dataprep-tst))" cn sAMAccountName userPrincipalName

I've tried several variations for the ldap.user using the DN, CN and UPN, which all work with ldapsearch, but not with the rapid server. I'm using TLS on all connections, but I've confirmed the CA certs and JKS are all good.

Appreciate any suggestions.
MikeS





Tagged:

Answers

  • msaville09msaville09 MemberPosts:2Newbie
    here is the local-security.properties contents:

    #
    # Properties for using LDAP authentication with RapidMiner Server
    #

    # enable or disable LDAP authentication
    ldap.enabled=true

    # provider url
    #ldap.providerUrl=ldaps://us.lmco.com:3269/DC=us,DC=lmco,DC=com
    ldap.providerUrl=ldaps://us.lmco.com:3269

    # user/pass to access ldap
    #ldap.user="dataprep-tst"
    #ldap.user="[email protected]"
    #ldap.user="Fc-EO, dataprep-tst"
    ldap.user="CN=Fc-EO\, dataprep-tst,OU=Users,OU=CSV,DC=us,DC=lmco,DC=com"
    ldap.password="Password#1234"

    #搜索设置
    ldap.search.base="DC=us,DC=lmco,DC=com"

    # example ldap.search.filter for OpenLDAP:
    # ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))
    # example ldap.search.filter for Active Directory:
    # ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))
    #ldap.search.filter=(&(objectClass=person)(samAccountName=\${USER})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))
    ldap.search.filter=(&(objectClass=person)(samAccountName={0})(memberof=cn=us\EO.data-prep-evals,OU=Groups,OU=CSV,DC=us,DC=lmco,DC=com))

    # group properties
    # ldap.group.roleAttribute for OpenLDAP:
    # ldap.group.roleAttribute=cn
    # ldap.group.roleAttribute for Active Directory:
    # ldap.group.roleAttribute=distinguishedName
    ldap.group.roleAttribute=memberOf

    # user properties
    ldap.user.displayNameAttribute=displayName
    ldap.user.emailAttribute=mail

    # timeout in sec for cached authentications
    # the cache is used to to relieve the authentication provider and
    # to prevent multiple authentication requests from the same user in the defined timeframe
    # change the value to 0 if the caching should be disabled and
    # every request should be forwarded to the authentication provider
    ldap.cache.timeout=60

    # Connection timeout in ms regarding how long RapidMiner Server should wait for the LDAP server to respond
    ldap.connection.timeout=10000



  • MartinLiebigMartinLiebig Administrator, Moderator, Employee, RapidMiner Certified Analyst, RapidMiner Certified Expert, University ProfessorPosts:3,426RM Data Scientist
    please connect with our professional support at support.www.turtlecreekpls.com

    Best,
    Martin
    - Sr. Director Data Solutions, Altair RapidMiner -
    Dortmund, Germany
Sign InorRegisterto comment.