Categories

Versions

You are viewing the RapidMiner Server documentation for version 9.7 - Check here for latest version

Changing LDAP settings

By default the LDAP authentication for RapidMiner Server is disabled. If you want to enable it, you need to modify the property file local-security.properties which is located in the in the /configuration subfolder of your RapidMiner Server home directory and restart RapidMiner Server. After you have enabled LDAP authentication both user types (LDAP and local users) should be able to log in to RapidMiner Server.

System environment variables can be referenced by using the ${env} notation in the value field (i.e. ldap.enabled=${LDAP_ENABLED}). See standalone.conf file for complete list of environment variables created at startup, useful environment variables to utilize here could be ${rmserver.home.dir}, ${rapidminer.user-home}, and ${jboss.server.config.dir}.

System environment variables can replace properties simply by defining them with the same name on the system and removing (or commenting out) the property from the file.

#
# Properties for using LDAP authentication with RapidMiner Server
#

# enable or disable LDAP authentication
ldap.enabled=false

# provider url
ldap.providerUrl=ldap://host:port/dc=DomainComponent

# user/pass to access ldap
ldap.user=cn=CommonName,dc=DomainComponent
ldap.password=changeit

# search settings
ldap.search.base=ou=OrganizationUnit
ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@active.directory.domain))

# group properties
ldap.group.roleAttribute=distinguishedName

# user properties
ldap.user.displayNameAttribute=cn
ldap.user.emailAttribute=email

# timeout in sec for cached authentications
ldap.cache.timeout=60

# LDAP connection timeout in ms i.e. how long RapidMiner Server should wait for the LDAP server to respond.
ldap.connection.timeout=10000

The content of the property file depends on your environment. In the following we list two example configurations for different authentication providers.

# enable LDAP authentication
ldap.enabled=true

# provider url
ldap.providerUrl=ldap://SERVER:3268/DC=ad,DC=rapidminer,DC=com

# user/pass to access ldap
ldap.user=CN=admin,DC=ad,DC=rapidminer,DC=com
ldap.password=ADMIN_PASS

# search settings
ldap.search.base=ou=rapidminer_devs
ldap.search.filter=(&(objectClass=user)(userPrincipalName={0}@ad.rapidminer.com))

# group properties
ldap.group.roleAttribute=distinguishedName

# user properties
ldap.user.displayNameAttribute=cn
ldap.user.emailAttribute=email

# timeout in sec for cached authentications
ldap.cache.timeout=60

# LDAP connection timeout in ms i.e. how long RapidMiner Server should wait for the LDAP server to respond.
ldap.connection.timeout=10000
# enable LDAP authentication
ldap.enabled=true

# provider url
ldap.providerUrl=ldap://SERVER:389/dc=rapidminer,dc=com

# user/pass to access ldap
ldap.user=cn=admin,dc=rapidminer,dc=com
ldap.password=changeit

# search settings
ldap.search.base=ou=rapidminer_devs
ldap.search.filter=(&(objectClass=inetOrgPerson)(uid={0}))

# group properties
ldap.group.roleAttribute=cn

# user properties
ldap.user.displayNameAttribute=cn
ldap.user.emailAttribute=email

# timeout in sec for cached authentications
ldap.cache.timeout=60

# LDAP connection timeout in ms i.e. how long RapidMiner Server should wait for the LDAP server to respond.
ldap.connection.timeout=10000

During the initial setup phase of LDAP, it might be helpful to have a look at login messages and errors. To enable logging these to the console output of RapidMiner Server, you need to edit the standalone.xml located in the standalone/configuration folder of your RapidMiner Server installation. Find the <subsystem xmlns="urn:jboss:domain:logging:1.5"> entry and change the level of the <console-handler name="CONSOLE"> to DEBUG. Note that by default, these messages are already logged to the server.log located in the standalone/log folder of RapidMiner Server.

You can also encrypt the content of your local-security.properties. Look here to find out how.