We have configured Atlas using OHDSI Broadsea 3.5 (GitHub - OHDSI/Broadsea). LDAP is not working. Please help us fix it.
Kindly find the environment variables and config-local.js file below.
ENV variables
ATLAS_USER_AUTH_ENABLED="true"
ATLAS_SECURITY_PROVIDER_TYPE="ldap"
ATLAS_SECURITY_PROVIDER_NAME="LDAP Authentication"
ATLAS_SECURITY_ICON="fa-cubes"
ATLAS_SECURITY_USE_FORM="true"
ATLAS_SECURITY_USE_AJAX="true"
WEBAPI_SECURITY_PROVIDER="AtlasRegularSecurity"
SECURITY_TOKEN_EXPIRATION="28800"
SECURITY_AUTH_LDAP_ENABLED="true"
SECURITY_LDAP_DN="cn={0},OU=SystemUsers,OU=ServiceAccounts,DC=xxx,DC=xxx,DC=local"
SECURITY_LDAP_URL="ldaps://ldaps.example.org:636"
SECURITY_LDAP_BASEDN="OU=SystemUsers,OU=ServiceAccounts,DC=xxx,DC=xxx,DC=local"
SECURITY_LDAP_SYSTEM_USERNAME="xxx"
SECURITY_LDAP_SYSTEM_PASSWORD_FILE="./secrets/webapi/SECURITY_LDAP_SYSTEM_PASSWORD"
SECURITY_LDAP_SEARCHSTRING="(&(objectClass=*)(commonName={0}))"
SECURITY_LDAP_USERMAPPING_DISPLAYNAMEATTR="displayname"
SECURITY_LDAP_USERMAPPING_FIRSTNAMEATTR="givenName"
SECURITY_LDAP_USERMAPPING_MIDDLENAMEATTR="initials"
SECURITY_LDAP_USERMAPPING_LASTNAMEATTR="sn"
SECURITY_LDAP_USERMAPPING_USERNAMEATTR="cn"
SECURITY_LDAP_USERIMPORT_USERNAMEATTR="cn"
SECURITY_LDAP_USERIMPORT_LOGINATTR="uid"
SECURITY_LDAP_SEARCHBASE="OU=Departments,OU=SystemUsers,OU=ServiceAccounts,DC=xxx,DC=xxx,DC=local"
config-local.js file settings
configLocal.userAuthenticationEnabled = $ATLAS_USER_AUTH_ENABLED;
configLocal.authProviders = [{
  "name": "$ATLAS_SECURITY_PROVIDER_NAME",
  "url": "user/login/$ATLAS_SECURITY_PROVIDER_TYPE",
  "ajax": $ATLAS_SECURITY_USE_AJAX,
  "icon": "fa $ATLAS_SECURITY_ICON",
  "isUseCredentialsForm": $ATLAS_SECURITY_USE_FORM
}];
Error
2025-03-03 20:18:53.615 INFO http-nio-8080-exec-4 org.ohdsi.webapi.audittrail.AuditTrailServiceImpl - - <110>1 2025-03-03T20:18:53.614Z eaf865efef10 Atlas - - - User login failed: xxx, remote-host = 172.18.0.6
On the command line on the webserver, we can successfully authenticate and query the LDAP server with the following:
ldapsearch -x -LLL -H ldaps://ldaps.example.org:636 -D "CN=example,OU=Service Accounts,OU=SystemUsers,DC=xxx,DC=xxx,DC=local" -W -b "OU=SystemUsers,DC=xxx,DC=xxx,DC=local"
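
Added example (not part of the original post): the script below compares the SECURITY_LDAP_DN template and SECURITY_LDAP_BASEDN from the environment variables with the bind DN and search base of the ldapsearch command that succeeds, using the redacted values exactly as posted. The function names are hypothetical, and the DN parsing is a simplified split on unescaped commas, not a full RFC 4514 parser.

```python
import re

# Values copied from the post (already redacted there with "xxx").
SECURITY_LDAP_DN = "cn={0},OU=SystemUsers,OU=ServiceAccounts,DC=xxx,DC=xxx,DC=local"
SECURITY_LDAP_BASEDN = "OU=SystemUsers,OU=ServiceAccounts,DC=xxx,DC=xxx,DC=local"
WORKING_BIND_DN = "CN=example,OU=Service Accounts,OU=SystemUsers,DC=xxx,DC=xxx,DC=local"
WORKING_SEARCH_BASE = "OU=SystemUsers,DC=xxx,DC=xxx,DC=local"


def parse_dn(dn):
    """Split a DN into case-folded (attribute, value) RDNs; escaped commas stay in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        # Collapse runs of whitespace but keep single spaces: they are significant.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns


def is_under(dn, base):
    """True when base is a suffix of dn, i.e. the entry lives in that subtree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b


def template_mismatches(template, known_good_dn):
    """Compare a '{0}' DN template with a DN known to bind; list the differing RDNs."""
    t, g = parse_dn(template), parse_dn(known_good_dn)
    findings = []
    if len(t) != len(g):
        findings.append(f"RDN count differs: template {len(t)}, working DN {len(g)}")
    for i, (tr, gr) in enumerate(zip(t, g)):
        if tr[1] == "{0}":  # placeholder: only the attribute type is comparable
            if tr[0] != gr[0]:
                findings.append(f"RDN {i}: attribute {tr[0]} vs {gr[0]}")
        elif tr != gr:
            findings.append(f"RDN {i}: {tr[0]}={tr[1]} vs {gr[0]}={gr[1]}")
    return findings


if __name__ == "__main__":
    for line in template_mismatches(SECURITY_LDAP_DN, WORKING_BIND_DN):
        print("DN template:", line)
    print("bind DN under SECURITY_LDAP_BASEDN:",
          is_under(WORKING_BIND_DN, SECURITY_LDAP_BASEDN))
    print("bind DN under ldapsearch -b base:",
          is_under(WORKING_BIND_DN, WORKING_SEARCH_BASE))
```

With the values as posted, the template and the working DN differ in the order and spelling of the two OU components, and the working bind DN falls outside SECURITY_LDAP_BASEDN. Because the values were redacted before posting, the same comparison needs to be run on the real ones.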