LDAP group permissions set up


I've configured LDAP auth, but I have been unsuccessful in using LDAP (AD in this case) groups to grant permissions to folders. I've tried different configs with no luck. My questions in this matter:

1. How should I refer to groups from LDAP, by sAMAccountName?

2. Should I add these groups manually in the ejb file, or should they be available by default?

3. How can I debug security problems when accessing content?



Hi Artur, thanks for your questions regarding the LDAP/AD integration. The configuration depends on your system, but usually these properties need to be defined:

search-filter: (&(objectClass=person)(cn=%s))

group-base-dn: ou=knime,ou=apps,o=orga,c=com

search-bind-password: xxxxxxxxxx

group-search-filter: (&(objectClass=groupOfNames)(member=%d))

search-bind-dn: cn=knime,ou=admin,o=orga,c=com

The "Assign Group" option remains empty. However, you are required to edit the sun-ejb.xml to add the group by name and role. Please run a touch .reload within the deployed enterprise application after the file has been edited. To see more verbose output, you can change the log level on Security under Application Server > Logging > Log Levels. Please also refer to our KNIME Server documentation available here.
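
To see outside the server which groups the filters in the answer return for a given user, the two searches can be replayed by hand with OpenLDAP's ldapsearch. This is an added example, not part of the original posts and not KNIME code; it assumes %s stands for the login name and %d for the user's DN, and LDAP_URI and USER_BASE are hypothetical variables the caller exports.

```shell
#!/bin/sh
# Added example: replay the realm's two LDAP searches by hand.
# Assumption: %s is replaced by the login name, %d by the user's DN.
SEARCH_FILTER='(&(objectClass=person)(cn=%s))'            # from the answer
GROUP_FILTER='(&(objectClass=groupOfNames)(member=%d))'   # from the answer
BIND_DN='cn=knime,ou=admin,o=orga,c=com'                  # search-bind-dn
GROUP_BASE='ou=knime,ou=apps,o=orga,c=com'                # group-base-dn

# Escape a value for use inside an LDAP filter (RFC 4515): \ * ( )
# Needed for %d: a DN such as "CN=Doe\, John,..." contains a backslash.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# expand_filter TEMPLATE PLACEHOLDER VALUE
# Prints TEMPLATE with the first PLACEHOLDER replaced by the escaped VALUE.
expand_filter() {
    case $1 in
        *"$2"*) printf '%s%s%s\n' "${1%%"$2"*}" "$(ldap_escape "$3")" "${1#*"$2"}" ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# check_user LOGIN: run both searches against the directory.
# LDAP_URI and USER_BASE are hypothetical; export them before calling.
# A base64 "dn:: ..." line (non-ASCII DN) is not decoded here.
check_user() {
    user_filter=$(expand_filter "$SEARCH_FILTER" '%s' "$1")
    echo "user search : $user_filter" >&2
    user_dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
                  -b "$USER_BASE" "$user_filter" 1.1 | sed -n 's/^dn: //p' | head -n 1)
    [ -n "$user_dn" ] || { echo "no entry matched the search-filter" >&2; return 1; }
    group_filter=$(expand_filter "$GROUP_FILTER" '%d' "$user_dn")
    echo "group search: $group_filter" >&2
    # Print cn and sAMAccountName to compare against the group name in the mapping.
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$GROUP_BASE" "$group_filter" cn sAMAccountName
}
```

Source the file and run `check_user <login>`; an empty result from the second search means the group-search-filter or group-base-dn does not match the directory's group entries.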