Hi Team,
I have configured the Altas through docker-compose by using reference of below code. Everything is working but ldap is not working . Could you please help me to fix it

cat config-local.js
define([], function () {
var configLocal = {};

    // clearing local storage otherwise source cache will obscure the override settings
    localStorage.clear();

    var getUrl = window.location;
    var baseUrl = getUrl.protocol + "//" + getUrl.host;

    // WebAPI
    configLocal.api = {
            name: 'OHDSI',
            url: 'https://10.175.158.228:443/WebAPI/'
    };

    configLocal.cohortComparisonResultsEnabled = false;
    configLocal.userAuthenticationEnabled = true;
    configLocal.plpResultsEnabled = false;

    configLocal.authProviders = [{
                    "name": "Local Security Test DB",
                    "url": "user/login/db",
                    "ajax": true,
                    "icon": "fa fa-database",
                    "isUseCredentialsForm": true
                  },
                 {
                    "name": "AD",
                    "url": "user/login/ad",
                    "ajax": true,
                    "icon": "fa fa-cubes",
                    "isUseCredentialsForm": true
                  }];
    return configLocal;

});

cat docker-compose.yml

version: ‘2’

services:

broadsea-methods-library:
image: ohdsi/broadsea-methodslibrary
ports:
- “8787:8787”
- “6311:6311”
environment:
- PASSWORD=mypass

broadsea-webtools:
image: ohdsi/broadsea-webtools
ports:
- “443:8443”
volumes:
- .:/tmp/drivers/:ro
- ./config-local.js:/usr/local/tomcat/webapps/atlas/js/config-local.js:ro
- ./cacerts:/usr/local/openjdk-8/jre/bin/cacerts:rw
- ./create_keystore.sh:/usr/local/openjdk-8/jre/bin/create_keystore.sh:rw
- ./atlas-keystore.jks:/usr/local/openjdk-8/sample/jmx/jmx-scandir/atlas-keystore.jks:rw
- ./server.xml:/usr/local/tomcat/conf/server.xml:rw
environment:
- WEBAPI_URL=https://10.175.158.228:443
- env=webapi-postgresql
- security_enabled=true
- security_cors_enabled=true
- security_origin=*
- datasource_driverClassName=org.postgresql.Driver
- datasource_url=jdbc:postgresql://10.175.158.228:5432/OHDSI
- datasource_ohdsi_schema=ohdsi
- datasource_username=ohdsi_app_user
- datasource_password=3547647f10f7484ad5a7003ffbb95570
- spring_jpa_properties_hibernate_default_schema=ohdsi
- spring_jpa_properties_hibernate_dialect=org.hibernate.dialect.PostgreSQLDialect
- spring_batch_repository_tableprefix=ohdsi.BATCH_
- flyway_datasource_driverClassName=org.postgresql.Driver
- flyway_datasource_url=jdbc:postgresql://10.175.158.228:5432/OHDSI
- flyway_schemas=ohdsi
- flyway_placeholders_ohdsiSchema=ohdsi
- flyway_datasource_username=ohdsi_admin_user
- flyway_datasource_password=3547647f10f7484ad5a7003ffbb95570
- flyway_locations=classpath:db/migration/postgresql
- security_provider=AtlasRegularSecurity
- security_maxLoginAttempts=3
- security_duration_initial=10
- security_duration_increment=10
- security_db_datasource_url=jdbc:postgresql://10.175.158.228:5432/Security
- security_db_datasource_driverClassName=org.postgresql.Driver
- security_db_datasource_schema=atlas_security
- security_db_datasource_username=ohdsi_app_user
- security_db_datasource_password=3547647f10f7484ad5a7003ffbb95570
- security_db_datasource_authenticationQuery=select password from atlas_security.demo_security where username = ?
- security_ssl_enabled=true
- server_port=443
- security_auth_ad_enabled=true
- security.ad.url=ldaps://########:636
- security.ad_basedn=‘ou=internal,ou=Users,dc=science,dc=roche,dc=com’
- security.ad.principalSuffix=@science.roche.com
- security.ad.system.username=CN=SVC-phcaa-T1,OU=ServiceAccounts,DC=science,DC=roche,DC=com
- security.ad.system.password=$$$$$$$$$$
- security_ad_searchFilter="(&(objectClass=person)(uid=*))"

I’ve added an example of Atlas LDAP authentication in Broadsea here:

However, your example seems to indicate you want to do Active Directory authentication (contrary to the title of this thread).

Hi Lee,

I am using the ldap authentication and below is my ldap env variables which I added in Docker-compose file. Could you please confirm if docker images have the updated settings.xml file ??

root@spdpaa0736-usw2:~/OHDSI/Broadsea/postgresql# cat docker-compose.yml|grep -i ldap
- security_auth_ldap_enabled=true
- security_ldap_url=ldaps://#######.com:636
- security_ldap_bindDn=cn=user=ou=ServiceAccounts,dc=science,dc=roche,dc=com
- security_ldap_baseDn=ou=internal,ou=Users,dc=science,dc=roche,dc=com
- security_ldap_system_username=cn=SVC-phcaa-T1,ou=ServiceAccounts,dc=science,dc=roche,dc=com
- security_ldap_system_password=############
- security_ldap_searchString=(&(objectClass=person)(uid=*))
- security_ldap_searchBase=dc=science,dc=roche,dc=com
root@spdpaa0736-usw2:~/OHDSI/Broadsea/postgresql#

Your docker-compose.yml environment variable names are incorrect. Especially note the use of period or underscore in each variable name.

Below is an example of the exact environment vars you need to set in the docker-compose.yml file. The values to populate these variables are dependent on your specific organization LDAP setup.

  - security_enabled=true
  - security_origin=*
  - security_provider=AtlasRegularSecurity
  - security.ldap.dn=cn={0},ou=users,dc=example,dc=org
  - security.ldap.url=ldap://host.docker.internal:1389
  - security.ldap.baseDn=ou=users,dc=example,dc=org
  - security.ldap.system.username=user01
  - security.ldap.system.password=password1
  - security.ldap.searchString=(&(objectClass=*)(commonName={0}))
  - security.ldap.searchBase=ou=users,dc=example,dc=org

If you need some paid Broadsea consulting help to troubleshoot & get Atlas LDAP security set up and running in your organization, feel free to direct message me or use the “contact us today” menu bar link on my company website: