Azure Active Directory integration with R Connect

pranavp13 · 2018-12-03 14:02:40 UTC

Hi,

We have setup our use base in Azure Active Directory and have installed R Connect on centos 7.

Based on the inputs suggested here: https://support.rstudio.com/hc/en-us/articles/227010968-LDAP-and-Active-Directory-authentication-in-RStudio-Connect
We tried to configure the AAD user configuration but it does not identify users in our domain.
We can login using the admin credentials that we setup using portal but we can't access using users setup in AAD.
Can anyone help with this.
Thanks in advance.

cat /etc/rstudio-connect/rstudio-connect.gcfg
Address = http://10.7.0.4:3939/

[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
Listen = :3939

[Authentication]
; Specifies the type of user authentication.
Provider = Password

[LDAP "LDAP Configuration"]
ServerAddress = xxxx.xxx:636
BindDN = "CN=RCon_ADSync,OU=AADDC Users,DC=xxxx,DC=xxx"
BindPassword = "xxxxxx"
UserSearchBaseDN = "OU=AADDC Users,DC=xxxx,DC=xxxxx"
Logging = true
;UniqueIdAttribute = "entryUUID"
;UsernameAttribute = "uid"
UserObjectClass = "user"
;UserEmailAttribute = mail
;UserFirstNameAttribute = givenName
;UserLastNameAttribute = sn

[Debug]
Log = ldap

rstub · 2018-12-03 14:55:33 UTC

There can only be one authentication provider. In your case this should be Provider = ldap. Otherwise the LDAP server will not be used. You will have to configure the admin via AD as well. But note that changing the authentication provider means a complete re-installation, c.f. http://docs.rstudio.com/connect/admin/authentication.html#changing-authentication-provider

ricardo · 2018-12-03 14:56:54 UTC

Hi!
The article you linked to has a few examples for both Active Directory and OpenLDAP which are the two most common LDAP vendors.
Unfortunately, you have used attribute values that only apply to OpenLDAP.

Here's an example of LDAP user attributes for Active Directory:

UserObjectClass = user
UsernameAttribute = sAMAccountName
UserEmailAttribute = mail
UserFirstNameAttribute = givenName
UserLastNameAttribute = sn
UniqueIdAttribute = objectGUID

If you were to use LDAP groups, here are the group attribute values for AD:

GroupObjectClass = group
GroupNameAttribute = cn
GroupUniqueIdAttribute = objectGUID

I hope that helps!

pranavp13 · 2018-12-04 14:06:04 UTC

Thanks all for quick reply,

Now we purged and we got the fresh install of rconnect.
Now we are able to pick ldap configuration. However, we are still getting below errors:

2018/12/04 13:45:46 /connect/src/connect/auth/providers/ldap/client.go:167: (ldap) [LDAP Connection ID ckUqaGv] Failed to bind to ldap server: unable to read LDAP response packet: read tcp 10.7.0.4:46574->10.1.11.5:636: read: connection reset by peer

can anyone help us with this, why it would be the issue?

Thanks

system · 2018-12-25 14:14:39 UTC

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.