How to enable LDAP authentication in CABI 6.3 JasperServer Reports

Document ID : KB000010519
Last Modified Date : 13/03/2019
Show Technical Document Details
Introduction:

This article shows steps how to enable LDAP (Microsoft Active Directory) authentication in CABI 6.3 JasperReports Server. If you are running CABI 6.1 JasperReports Server, please refer to knowledge document KB000044611 "How to enable LDAP authentication in CABI 6.1 JasperServer Reports" located at https://comm.support.ca.com/kb/how-to-enable-ldap-authentication-in-cabi-61-jasperserver-reports/KB000044611

Environment:
CABI 6.3 on Windows
Instructions:

1. Please copy all files under your <Jasper media directory>\samples directory, i.e.

     a. applicationContext.xml
     b. applicationContext-externalAuth-LDAP-mt.xml
     c. applicationContext-externalAuth-template-mt.xml
     d. js.externalAuth.properties

and paste them into <Jasper 6.3 tomcat-folder>\webapps\<webapp-name>\WEB-INF directory (e.g. C:\Program Files\CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\WEB-INF), click 'yes' to overwrite existing files in the folder.

 

2. Modify applicationContext-externalAuth-LDAP-mt.xml file as the following

    a. Change groupSearchFilter property value within <contstructor-arg> tag (line 84)

        From

          <property name="groupSearchFilter" value="(uid={1})"/>

        To

          <property name="groupSearchFilter" value="(&amp;(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.1941:=2)))"/>

    b. Change <constructor-arg index="1"> value (line 97)

        From

          <value>(uid={0})</value>

        To

         <value>(sAMAccountName={0})</value>

    c. Add referral property value within <bean id="ldapContextSource> tag (line 107)

        From

          <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
         <constructor-arg value="${external.ldap.url}"/>
         <!-- manager user name and password (may not be needed) -->
         <property name="userDn" value="${external.ldap.username}"/>
         <property name="password" value="${external.ldap.password}"/>
      </bean>

        To

      <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
         <constructor-arg value="${external.ldap.url}"/>
         <!-- manager user name and password (may not be needed) -->
         <property name="userDn" value="${external.ldap.username}"/>
         <property name="password" value="${external.ldap.password}"/>
         <property name="referral" value="follow"/>
      </bean>

    d. Comment out list items of organizationRDNs property (line 149)

        From

      <property name="organizationRDNs">
         <list>
             <value>dc</value>
             <value>c</value>
             <value>o</value>
             <value>ou</value>
             <value>st</value>
         </list>
      </property>

      To

      <property name="organizationRDNs">
         <list>
            <!--<value>dc</value>
            <value>c</value>
            <value>o</value>
            <value>ou</value>
            <value>st</value>-->
         </list>
     </property> 

    You can download modified applicationContext-externalAuth-LDAP-mt.xml file and just overwrite the file in <Jasper 6.3 tomcat-folder>\webapps\<webapp-name>\WEB-INF directory.

 

3. Modify js.externalAuth.properties file to specify your actual external.ldapUrl, external.ldapDn and external.ldapPassword. The following is the example of entire contents of the file.

  # External authentication properties that can be configured via
  # the master.properties file
  external.jdbc.driverClassName=${external.jdbcDriverClass}
  external.jdbc.url=${external.jdbcUrl}
  external.jdbc.username=${external.dbUsername}
  external.jdbc.password=${external.dbPassword}
  
  external.ldap.url=ldap://msad:3268/dc=ca,dc=com
  external.ldap.username=cn=administrator,ou=users,ou=Support,dc=ca,dc=com
  external.ldap.password=secret
  external.ldap.authenticationmode=DIGEST-MD5
  external.ldap.domaincontroller=
 

4. Restart Jasper tomcat 

5. Go to the Administration tab on CA Spectrum Oneclick:

Configure Spectrum Admin Page – Report Manager
Set Preferences –Enable Security = True

File Attachments:
TEC1123223.zip