I've configured LDAP auth by I am unsuccessfull to use LDAP (AD in this case) groups to grant permissions to folders, I've tried different configs with no luck. My questions in this matter:
1. how should I refer to groups from LDAP, by sAMAccountName ?
2. Should I add this groups manually in ejb file or should they be available by default ?
3. How can I debug security problems when accessing content ?
Hi Artur, thanks for your questions regarding the LDAP/AD integration. The configuration depends on your system, but usually these properties need to be defined:
search-filter: ( &(objectClass=person)(cn=%s))
group-search-filter: ( &(objectClass=groupOfNames)(member=%d))
The "Assign Group" option remains empty. However you are required to edit the sun-ejb.xml to add the group by name and role. Please run a touch .reload within the deployed enterprise application after the file has been edited. To see more verbose output, you can change the log level on Security under Application Server > Logging > Log Levels. Please also refer to our KNIME Server documentation available here.