Page History
...
| Styleclass | ||
|---|---|---|
| ||
...
- Creating a user group folder in the Active Directory.
- Enabling the LDAP authentication setting on your Yellowfin instance
...
- .
- Ensure network connectivity between the Yellowfin server and the LDAP server.
- Define the default Yellowfin Role for LDAP users.
Set up in the Active Directory
- Ensure that you have set up a domain on your domain controller.
- Create a folder within that domain and add users and groups that you want to allow access to Yellowfin.
Defining the Default Role
For Yellowfin to provision users automatically it has to assign a role to them. This role is defined as a Yellowfin 'Default' Role. In the the Roles page page, define one Role as the Default.
- Navigate to Administration > General > Role Management
- Select the Role you wish to make Default
- Tick the the Default Role box and box and Save
Note: if if no role is set as default the users will not be provisioned correctly into Yellowfin and the process will fail.
Enable LDAP Authentication
You will need to make sure that your instance of Yellowfin has the LDAP authentication functionality enabled.
- In Yellowfin, navigate to the Configuration page. (Left side menu > Administration > Configuration)
- Click on the Authentication icon.
- Expand Authentication Method and select the LDAP option.
- This will reveal an LDAP section. Provide configuration details in this section. There are explained below in detail.
- Once the configuration details are provided, click on Test to validate the connection.
- You can save the validated connection by clicking on the Save button on the top-right of the screen.
| Anchor | ||||
|---|---|---|---|---|
|
Yellowfin LDAP Configuration
| Styleclass | ||
|---|---|---|
| ||
Property | Description |
|---|---|
LDAP Host | LDAP server hostname or IP address. |
LDAP Port | TCP/IP port that the LDAP server is listening on. Set this to 389 for normal LDAP connections, or 636 for encrypted connections (that is, if no custom changes have been to the LDAP configuration). |
| Encryption | The encryption method implemented by the LDAP server. (Options include: None, TLS, SSL) This determines whether or not the LDAP connection would need to be encrypted. |
LDAP Base Distinguishing Name (DN) | The LDAP node that all users and groups are contained within. All your users might not be contained within a single group, so set the base domain here. Yellowfin will start searching for the LDAP directory from here. |
LDAP (Yellowfin User) Group | LDAP Group Name that identifies which users can log into have access to Yellowfin. This group exists in the LDAP directory, not Yellowfin. Only members of this group will be able to login log in to Yellowfin. |
LDAP Bind UserThis is an | LDAP User that the Yellowfin application uses to connect to the LDAP directory for search access, it must have The username of the user with the rights to search the LDAP directory. The format of this username should either be in NETBIOS or full domain. For example: admin@Yellowfin.bi or YELLOWFIN\admin Note: It is not recommended to use an admin user. |
LDAP Bind Password | The LDAP Password password required for the Yellowfin application to connect to the LDAP directory, associated with ; it authenticates the LDAP Bind User defined above. You must click 'Update Password" before testing your settings. |
LDAP Search Attribute | This is a unique User Name field that LDAP users will login log in to Yellowfin with. You can find the LDAP attributes by opening the property box of an LDAP object and clicking on the 'Attribute Editor' tab. You can set most of these attributes to a value of your choice. The attribute name is what you will provide in the LDAP Search Attribute field. |
LDAP First Name Attribute | This maps to the First Name attribute of the user within the LDAP directory. This is so Yellowfin can match the user to a name and create an internal user account. |
LDAP Surname Attribute | This maps to the surname attribute of the user within the LDAP directory. This is so that Yellowfin can match the user to a name and create an internal user account. |
LDAP Email Attribute | This maps to the email address attribute of the user within the LDAP directory. This is so that Yellowfin can match the user to an email address for broadcast reports. |
LDAP Role Attribute | This maps to a Yellowfin Role to be assigned to the user instead of the Default Role. This way a user's role can be set in Yellowfin prior to their login. By default, users brought into Yellowfin via LDAP will have the 'Consumer & Collaborator' role. See RoleCode in OrgRole table. |
| LDAP Group Filtering Criteria | Criteria used to filter a list of LDAP groups. Only groups returned in the filtered list will be passed to Yellowfin. |
| Ordering | This order in which internal authentication is performed. (Options include: LDAP Authentication First , (default) or Internal Authentication First). This setting is important as it determines how Yellowfin will authenticate a user attempting to log in. |
Once defined, Yellowfin will automatically provision users as they attempt to login to Yellowfin for the first time.
...
| Setting | Parameter |
|---|---|
| LDAP Host | 192.168.4.241 |
| LDAP Port | 389 |
| LDAP Base DN | cn=Users,dc=i4,dc=local |
| LDAP Group | CN=Yellowfin Users,CN=Users, CD=i4,CD=local |
| LDAP Bind Usercn=Administrator,cn=Users,dc=i4,dc=local | admin@Yellowfin.bi or YELLOWFIN\admin |
| LDAP Bind Password | ********* |
| LDAP Search Attribute | employeeID |
| LDAP First Name Attribute | givenName |
| LDAP Surname Attribute | lastName |
| LDAP Email Attribute | userPrincipleName |
| LDAP Role Attribute | Writer |
| Ordering | LDAP Authentication First |
...
- Connect to LDAP host 192.168.4.241 on port 389
- Users will be searched from cn=Users, dc=i4, and dc=local
- Users will be allowed to access Yellowfin if they are a member of cn=Yellowfin Users, cn=Users, dc=i4, or dc=local
- The user search will be conducted with user cn=Administrator, cn=Users, dc=i4, dc=local bound to the LDAP server with the password defined'admin', who will get authenticated based on the bind password provided.
- The user will use employeeID as their login ID and Yellowfin will load their given name, surname, and email from the LDAP directory attributes givenName, lastName, and userPrincipleName respectively.
...