Dear metabase team and community,
In case of LDAP authentication, and when using SSL,
could you please advise how I can provide the certificate info ?
I cannot see such a field so that I can parameterise it…
Nikos
Dear metabase team and community,
In case of LDAP authentication, and when using SSL,
could you please advise how I can provide the certificate info ?
I cannot see such a field so that I can parameterise it…
Nikos
Did you mean SSL for the webpage itself or SSL for the LDAP connection? We are using LDAP auth and SSL for the webpage itself and I made a handy little metabase start script, but we are running the .jar version of metabase.
#!/bin/bash
export MB_JETTY_SSL="true"
export MB_JETTY_SSL_Port="443"
export MB_JETTY_SSL_Keystore="/path/to/keystore/keystore.jks"
export MB_JETTY_SSL_Keystore_Password="password"
java -jar metabase.jar &
unfortunately am not able to find in the docs, how to specify the certificate for LDAP auth… any ideas anyone ?
I have not tested this out, but I would assume you can use the standard Java mechanisms. So e.g. point to your keystore with a -D
option when you start Metabase.jar. See some options here:
Let us know how it works out for you!
thanks a lot. i am looking into it
guys, could you please advise how can i possibly troubleshoot LDAP issues ? when ldap-authentication fails, i cannot read anything in the logs …
I just tried switching my LDAP host to an invalid hostname and got this in the log (when I saved the wrong settings):
Jan 15 17:43:53 WARN metabase.api.ldap :: Problem connecting to LDAP server: An error occurred while attempting to resolve address 'myhost.example.com': java.net.UnknownHostException: myhost.example.com: unknown error
Jan 15 17:43:53 ERROR metabase.middleware :: PUT /api/ldap/settings 500 (56 ms) (0 DB calls) {:errors {:ldap-host "Wrong host or port", :ldap-port "Wrong host or port"}}
According to the source code for LDAP there should be some other logging in there as well. Maybe you can start by setting up a test ldap host either with or without SSL and see if you can replicate what I did … then take baaaaaby steps from there?
stupid me i forgot to toggle the switch that enables the LDAP auth.
Everything works! And I am a happy metabase user
Great you got it sorted! It’s always the little things that trips you up
In the meantime I figured out that:
pointing to a valid SSL cert probably isn’t needed at all :trustcert
here https://github.com/pauldorman/clj-ldap#connect-options for the underlying lib leaves me with that impression
I could as well try to switch to SSL for our LDAP and I now seem to have it running fine on port 636 too. So I also got something out of this