LDAP Authentication - Logging properties

dtjowandi · July 20, 2020, 7:07pm

i am trying to setup the ldap authentication for knime web portal against azure directory service (ADDS). This is the configuration that i follow (from the knime server advanced setup guide):

<Realm   className="org.apache.catalina.realm.JNDIRealm"  connectionURL="ldap://x.x.x.x:389"
       userPattern="uid={0},dc=mycompany,dc=com" roleBase="dc=mycompany,dc=com"
          roleName="cn" roleSearch="(uniqueMember={0})" />

the adds has flat ou setup so no ou is used. the configuration above is added into server.xml and i restart apache (knime-server). The auth against the adds doesnt work. Is authentication logged somewhere ? server.xml is the only file / place that needs to be configured with ldap settings ?

i see there are some settings on server.xml that can be enabled for debugging auth related errors but i am wondering where the log files are and which log files they are:

cotton-a · July 22, 2020, 6:53pm

Hi, I’ve had some success in looking at /knime_server/apache-tomee-plus-7.0.5/logs/localhost.YYYY-MM-DD.log file to see messages that helped me debug. It will show explicit denies to users that are not in the correct groups.

dtjowandi · July 22, 2020, 9:00pm

i dont see anything related to authentication on that log file. the advanced setup guide says to add the ldap authentication configuration into server.xml. in which section of server.xml exactly it needs to be added at ?

the guide shows an example of the configuration as follows (for ldap authentication using anonymous connection):

<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://localhost:389"
userPattern="uid={0},ou=people,dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>

NDekay · July 24, 2020, 7:09pm

Hello,

If you go into <knime_install_dir>/<$apache_dir>/conf/server.xml, there is a section (around line 141 in the default starting file) where it says:

{
<!–Enable and change the below to enable LDAP authentication; for details see the KNIME LDAP Guide–>
<!–<Realm className=“org.apache.catalina.realm.JNDIRealm” connectionURL=“ldap://localhost:389” roleBase=“ou=groups,dc=mycompany,dc=com” roleName=“cn” roleSearch="(uniqueMember={0})" userPattern=“uid={0},ou=people,dc=mycompany,dc=com”/>–>
}

This is where you could uncomment the Realm entry (remove the  portions on the Realm line) and then insert your own LDAP configuration information (as specified in the Advanced Setup Guide).

(Alternatively, you can leave the sample one commented out, and just input your own uncommented version, and it would be fine, too.)

Please let us know if you have any other questions.

Thank you,
Nickolaus