SpagoBI集成LDAP访问
Ricky
posted @ 2017年3月20日 16:36
in Other
, 2261 阅读
SpagoBI 5.2集成AD访问
官方手册是在太老了, 花了一天时间才搞定
1. 仍然是修改三个参数
SPAGOBI.SECURITY.PORTAL-SECURITY-CLASS.className=it.eng.spagobi.security.LdapSecurityProviderImpl
SPAGOBI.SECURITY.USER-PROFILE-FACTORY-CLASS.className=it.eng.spagobi.security.LdapUserProfileFactoryImpl
SPAGOBI.SECURITY.PORTAL-SECURITY-INIT-CLASS.className=it.eng.spagobi.security.init.LdapSecurityProviderInit
2. ldap_authirizations.xml
<?xml version="1.0" encoding="UTF-8"?> <LDAP_AUTHORIZATIONS default="FALSE"> <CONFIG> <!-- SERVER --> <HOST>10.16.10.98</HOST> <PORT>389</PORT> <ADMIN_USER>ldapadmin@tfsad.com</ADMIN_USER> <!-- THIS IS KEY --> <ADMIN_PSW>password</ADMIN_PSW> <!-- password in clear text --> <BASE_DN>DC=tfsad,DC=com</BASE_DN> <!-- base domain, if any --> <!-- USERS --> <USER_SEARCH_PATH>ou=XXX</USER_SEARCH_PATH> <!-- SpagoBI will look for users under this node - Our user OU is STAFF --> <USER_OBJECT_CLASS>user</USER_OBJECT_CLASS> <!-- class for users' objects --> <USER_ID_ATTRIBUTE_NAME>sAMAccountName</USER_ID_ATTRIBUTE_NAME> <!-- name of the attribute containing the user identifier --> <USER_NAME_ATTRIBUTE_NAME>name</USER_NAME_ATTRIBUTE_NAME> <!-- name of the attribute(*) containing the user name --> <SUPER_ADMIN_ATTRIBUTE_NAME>superAdmin</SUPER_ADMIN_ATTRIBUTE_NAME> <!-- name of the attribute(*) containing the super admin flag --> <!-- (*) SPAGOBI attribute, not LDAP attribute!!! It must match the "name" attribute of one USER_ATTRIBUTE tag below --> <USER_MEMBEROF_ATTRIBUTE_NAME>memberOf</USER_MEMBEROF_ATTRIBUTE_NAME> <!-- this attribute has to contain the list of groups the user belongs to --> <!-- list of the users' attributes to be loaded when querying the LDAP --> <USER_ATTRIBUTE name="id">sAMAccountName</USER_ATTRIBUTE> <!-- LDAP attribute to be considered as SpagoBI attribute --> <USER_ATTRIBUTE name="name">name</USER_ATTRIBUTE> <USER_ATTRIBUTE name="mail">mail</USER_ATTRIBUTE> <USER_ATTRIBUTE name="memberOf">memberOf</USER_ATTRIBUTE> <USER_ATTRIBUTE name="superAdmin">superAdmin</USER_ATTRIBUTE> --> <!-- GROUPS --> <GROUP_SEARCH_PATH>OU=XXX</GROUP_SEARCH_PATH> <!-- SpagoBI will look for groups under this node --> <GROUP_OBJECT_CLASS>group</GROUP_OBJECT_CLASS> <!-- class for groups' objects --> <GROUP_ID_ATTRIBUTE_NAME>cn</GROUP_ID_ATTRIBUTE_NAME> <!-- the attribute containing the name of the group --> <!-- list of the users' attributes to be loaded when querying the LDAP --> <!-- <GROUP_ATTRIBUTE>ou</GROUP_ATTRIBUTE> --> <GROUP_ATTRIBUTE>cn</GROUP_ATTRIBUTE> <ACCESS_GROUP_NAME></ACCESS_GROUP_NAME> <!-- Access group name: if specified, users must belong to this group in order to enter SpagoBI --> <GROUP_MEMBERS_ATTRIBUTE_NAME></GROUP_MEMBERS_ATTRIBUTE_NAME> <!-- this attribute has to contain the list of users belonging to this group, in case the ACCESS_GROUP_NAME is specified --> </CONFIG> </LDAP_AUTHORIZATIONS>
注意密码是明文,而不是加密过的
3. AD中添加superAdmin自定义属性
添加时需要具有Enterprise Admin和Schema Admin组的权限,另外需要在注册表中确认Update Schema Allowded是否设置为1
添加后需要重启AD服务,参考http://www.morgantechspace.com/2013/08/how-to-create-custom-attribute-in.html
4. 添加角色映射
参考https://www.spagoworld.org/jforum/posts/list/3600.page
2021年3月20日 13:32
2021年5月02日 16:33
I needed to thank you for this fantastic read!! I unquestionably cherished each and every piece of it. I have you bookmarked your site to look at the new stuff you post.
2021年5月18日 18:55
I think this is an informative post and it is very beneficial and knowledgeable. Therefore, I would like to thank you for the endeavors that you have made in writing this article. All the content is absolutely well-researched.
2021年7月06日 20:14
Great job for publishing such a beneficial website. Noida Escorts Escorts in Pari Chowk Dwarka Escorts Vaishali Escorts South Delhi Escorts South Delhi Escorts Your weblog isn’t only useful but it is additionally really creative too. This is a great feature for sharing this informative message.
2021年7月17日 18:26
I discovered your blog website on google and test a few of your early posts. Continue to keep up the superb operation.
<a href="https://www.escortsindwarka.com/uttam-nagar-call-girls.html">Escorts in Uttam Nagar</a>
<a href="https://www.escortsindwarka.com/call-girlfriend-relationship.html">Call Girlfriends</a>
2021年9月12日 12:19
You helpful information provide us a great ideas and thoughts. Escorts Service in Anna Nagar ||Marina Beach Escorts service ||Harrington Road Escort ||Escorts in Valarpuram
2022年5月04日 19:41
This is such a great web page with such wonderful content. Russian Escorts in Aerocity || HiFi Call Girls || Click On the Link || Swedish Massage Service || Call Girls in Goa || Goa Escorts || Escorts in Aerocity Guys to make your day I have the best link here
2022年5月04日 19:43
2022年6月16日 14:37
You are posting a particularly informative and Hot Call Girls in Nehru Place || Independent Escorts in Basilica Bom Beaches || Banaswadi Escorts Service || Nehru Place Escorts Service || Janakpuri Call Girls Service || Sexy Nehru Place Call Girls || Escorts in Nehru Place Service || Nehru Place Escorts || Independent Escorts in South Delhi || South Delhi Escorts || Escorts in South Delhi || Call Girls in South Delhi || Escorts in South Delhi || Delhi Call Girls || || phenomenal article on this webpage site page which is detailed.
2022年6月16日 14:39
2022年6月25日 15:42
It absolutely depicts the article I like. <a href="https://www.thebangaloreescorts.in/">Bangalore Escorts</a> It is an especially careful page and the fashioner figures out the goliath region intrigue beating everything.
2022年9月15日 13:27
You may now receive some excellent discounts on all of those things in order to obtain the best bargain. This is feasible using Zinus Coupon Codes, which are a variety of discounts and promotional offers that may help you acquire what you need while saving the most money.