LDAP security for ATLAS - next/last step?

Sanjay_Udoshi · March 21, 2023, 6:11pm

broadsea_security_enabled_SMU.txt (4.7 KB)

I have followed the documentation explicitly, and I feel we are finally close to implementing LDAP successfully. Unfortunately, there isn’t any guidance on how to create the actual USERS/GROUP/ORG in LDAP such that ATLAS/WebAPI utilizes the right login.

For example, stating the user in the docker-compose.yaml does get recognized but the LDAP server logs in “user01” by default.

Any guidance would be greatly appreciated!!!

@Ajit_Londhe @Chris_Knoll

If you have a sample LDIF that works?!? Please post.

TY!

Sanjay_Udoshi · March 21, 2023, 6:19pm

I just noticed that that “configLocal.userAuthenticationEnabled = false;” This is a global config file for ohdsi-atlas.

Is this interfering with the LDAP configuration of WebAPI?

Ajit_Londhe · March 21, 2023, 6:52pm

Yes, Atlas config-local.json needs to have the settings for auth established.

Just for testing purposes, however, can you try with ROhdsiWebApi package?

Sanjay_Udoshi · March 21, 2023, 8:15pm

Found it on GitHub. I’d be happy to! Though some basic instruction would be helpful. I’m new to R.

Sanjay_Udoshi · March 21, 2023, 8:16pm

Anything more than just ‘userAuthenticationEnabled = true’?

Sanjay_Udoshi · March 22, 2023, 1:45am

Which form of syntax is correct for the Broadsea docker-compose.yml?

variable= or variable: “whatever” ???

@lee_evans

I have spent hours today trying to get this to work.

Jason_Theobald · April 10, 2023, 3:26am

Fellow Broadsea adventurer here. I have yet to successfully enable LDAP or DB authentication in Broadsea.

Am having trouble reconciling some inconsistencies in the ATLAS, WebAPI, and Broadsea documentation for setting up authentication.

Would really appreciate an example of a full, working docker-compose and config-local file with authentication enabled, so that the relevant code snippets in the Broadsea docs are seen in context.

Ajit_Londhe · April 10, 2023, 3:28pm

@Jason_Theobald:

After confirmation with @Sanjay_Udoshi that this is working, you can try the new Broadsea 3.0 that we are preparing: https://github.com/alondhe/Broadsea/tree/develop

This changes the implementation in several ways, so please review the README file closely, particularly this section: https://github.com/alondhe/Broadsea/tree/develop#broadsea---advanced-usage

Jason_Theobald · April 10, 2023, 5:08pm

Thank you so much. I like what you are doing with the OMOP vocab load scripts.

I did find a temporary workaround for the config-local issue:

docker-compose cp config-local.js ohdsi-atlas:/usr/share/nginx/html/atlas/js/config-local.js

Run this after docker-compose up and it will copy the config to the atlas container.

Similarly, was able to troubleshoot and find the right connection strings for the DB authentication, after many hours of playing with it.

BuckUF · May 2, 2024, 4:44pm

Hello Jason,

Did anyone ever share the example as you requested? I am also having issues getting a connection to LDAP to work in my dev environment. Anything you figured out could be helpful to me.

Atlas presents me with a login link. When I click it, it opens a login window. Adding my user “bob@XL.com” with a password of “password” gives me “Bad credentials”. I know my ATLAS is seeing the correct section of my “.env” file because the pop-up login window has my LDAP label correctly.

Thanks.

–Buck