OHDSI Home | Forums | Wiki | Github

LDAP security for ATLAS - next/last step?

broadsea_security_enabled_SMU.txt (4.7 KB)


I have followed the documentation explicitly, and I feel we are finally close to implementing LDAP successfully. Unfortunately, there isn’t any guidance on how to create the actual USERS/GROUP/ORG in LDAP such that ATLAS/WebAPI utilizes the right login.

For example, stating the user in the docker-compose.yaml does get recognized but the LDAP server logs in “user01” by default.

Any guidance would be greatly appreciated!!!

@Ajit_Londhe @Chris_Knoll :slight_smile:

If you have a sample LDIF that works?!? Please post.

TY!

I just noticed that that “configLocal.userAuthenticationEnabled = false;” This is a global config file for ohdsi-atlas.

Is this interfering with the LDAP configuration of WebAPI?


Yes, Atlas config-local.json needs to have the settings for auth established.

Just for testing purposes, however, can you try with ROhdsiWebApi package?

Found it on GitHub. I’d be happy to! Though some basic instruction would be helpful. I’m new to R.

Anything more than just ‘userAuthenticationEnabled = true’?



Which form of syntax is correct for the Broadsea docker-compose.yml?

variable= or variable: “whatever” ???

@lee_evans

I have spent hours today trying to get this to work.

Fellow Broadsea adventurer here. I have yet to successfully enable LDAP or DB authentication in Broadsea.

Am having trouble reconciling some inconsistencies in the ATLAS, WebAPI, and Broadsea documentation for setting up authentication.

Would really appreciate an example of a full, working docker-compose and config-local file with authentication enabled, so that the relevant code snippets in the Broadsea docs are seen in context.

@Jason_Theobald:

After confirmation with @Sanjay_Udoshi that this is working, you can try the new Broadsea 3.0 that we are preparing: https://github.com/alondhe/Broadsea/tree/develop

This changes the implementation in several ways, so please review the README file closely, particularly this section: https://github.com/alondhe/Broadsea/tree/develop#broadsea---advanced-usage

1 Like

Thank you so much. I like what you are doing with the OMOP vocab load scripts.

I did find a temporary workaround for the config-local issue:

docker-compose cp config-local.js ohdsi-atlas:/usr/share/nginx/html/atlas/js/config-local.js

Run this after docker-compose up and it will copy the config to the atlas container.

Similarly, was able to troubleshoot and find the right connection strings for the DB authentication, after many hours of playing with it.

2 Likes

Hello Jason,

Did anyone ever share the example as you requested? I am also having issues getting a connection to LDAP to work in my dev environment. Anything you figured out could be helpful to me.

Atlas presents me with a login link. When I click it, it opens a login window. Adding my user “bob@XL.com” with a password of “password” gives me “Bad credentials”. I know my ATLAS is seeing the correct section of my “.env” file because the pop-up login window has my LDAP label correctly.

Thanks.

–Buck

t