Enabling LDAP authentication in JasperServer Reports
search cancel

Enabling LDAP authentication in JasperServer Reports

book

Article ID: 10519

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

This article shows steps on how to enable LDAP (Microsoft Active Directory) authentication in JasperReports Server.

Environment

CA Service Management 7.1 and higher.

Resolution

1. Please copy all files under your <Jasper media directory>\samples directory, i.e.

     a. applicationContext.xml
     b. applicationContext-externalAuth-LDAP-mt.xml
     c. applicationContext-externalAuth-template-mt.xml
     d. js.externalAuth.properties

and paste them into <Jasper 6.3 tomcat-folder>\webapps\<webapp-name>\WEB-INF directory (e.g. C:\Program Files\CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\WEB-INF), click 'yes' to overwrite existing files in the folder.

2. Modify applicationContext-externalAuth-LDAP-mt.xml file as the following

    a. Change groupSearchFilter property value within <contstructor-arg> tag (line 84)

        From

         <property name="groupSearchFilter" value="(uid={1})"/>

        To

         <property name="groupSearchFilter" value="(&amp;(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.1941:=2)))"/>

    b. Change <constructor-arg index="1"> value (line 97)

        From

         <value>(uid={0})</value>

        To

         <value>(sAMAccountName={0})</value>

    c. Add referral property value within <bean id="ldapContextSource> tag (line 107)

        From

         <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
         <constructor-arg value="${external.ldap.url}"/>
         <!-- manager user name and password (may not be needed) -->
         <property name="userDn" value="${external.ldap.username}"/>
         <property name="password" value="${external.ldap.password}"/>
         </bean>

        To

         <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
         <constructor-arg value="${external.ldap.url}"/>
         <!-- manager user name and password (may not be needed) -->
         <property name="userDn" value="${external.ldap.username}"/>
         <property name="password" value="${external.ldap.password}"/>
         <property name="referral" value="follow"/>
         </bean>

    d. Comment out list items of organizationRDNs property (line 149)

        From

         <property name="organizationRDNs">
         <list>
             <value>dc</value>
             <value>c</value>
             <value>o</value>
             <value>ou</value>
             <value>st</value>
         </list>
         </property>

      To

         <property name="organizationRDNs">
         <list>
            <!--<value>dc</value>
            <value>c</value>
            <value>o</value>
            <value>ou</value>
            <value>st</value>-->
         </list>
        </property> 

3. Modify js.externalAuth.properties file to specify your actual external.ldapUrl, external.ldapDn and external.ldapPassword. The following is the example of entire contents of the file.

  # External authentication properties that can be configured via
  # the master.properties file
  external.jdbc.driverClassName=${external.jdbcDriverClass}
  external.jdbc.url=${external.jdbcUrl}
  external.jdbc.username=${external.dbUsername}
  external.jdbc.password=${external.dbPassword}
  
  external.ldap.url=ldap://LDAP-SERVER:3268/dc=EXAMPLE,dc=com
  external.ldap.username=cn=administrator,ou=users,ou=support,dc=EXAMPLE,dc=com
  external.ldap.password=[LDAP-PASSWORD]
  external.ldap.authenticationmode=DIGEST-MD5
  external.ldap.domaincontroller=

4. Restart Jasper Tomcat service