R studio Pro integration with Active Directory

activedirectory

#1

Please help me with Active Directory Integration of R Studio Pro.
Thanks in advance!


#2

With such a general question, you may be better off with the premium support for RStudio Pro:
https://support.rstudio.com/hc/en-us/requests/new

You have to get the Linux PAM system connected to Active Directory, which might help guide a web search, but the specifics beyond that likely depend quite a bit on the details of your network. What distribution of Linux you’re using, what version of Active Directory you’re on, and so on.

I’ll move this to the #r-admin category to see if anyone has some general resources that might be good starting points for you and other people looking to deal with Active Directory.


#3

Thanks for quick response!

I have Oracle Linux version 6
I have to install Rstudon on Oracle Big Data Appliance and then integrate with Active directory and group.

Regards


#4

Hi @Rgeek, I agree with @nick, please feel free to open a support ticket. In the meanwhile, the way RStudio Pro connects to AD is via PAM, this support article may help you get started: https://support.rstudio.com/hc/en-us/articles/232226708-Using-LDAP-authentication-with-RStudio-Server-Pro, along with this TechNet article: https://technet.microsoft.com/en-us/library/2008.12.linux.aspx


#5

I had this issue on Ubuntu 16.04

This guide was quite useful, but not complete
https://help.ubuntu.com/lts/serverguide/sssd-ad.html

But basically, the approach is, use kerberos authentication with samba to connect to the windows network,
get your network guys to give you an entry in DNS.
Then modify PAM to use krb5

As I recall, for debian, libheimdal was a weird missing piece

I also have a few AD search functions to test that I could see the ldap server properly

The following should work even if you don’t have the above configured:

get_user <- function(user) {
  # this will need some architecture assistance
  parse_ldif(
    system2(
      "ldapsearch",
      args = 
        c(
          '-x','-LLL',
          # Bind string here, can grab this from your rstudio connect/shiny server pro config file if you've done this before
          '-D "DC=example,DC=net"',
          '-W',
          '-H ldap://XXX.XXX.XXX.XXX',
          '-b "DC=example,DC=net"',
          sprintf('-s sub "uid=%s"',user)
        # Input here is the bind password
        ),input = "XXXXXXXXXX",stdout = TRUE,stderr = TRUE
      
    )
  )
}
# A simple parser (may not work with all LDIF, I've barely tested this elsewhere)
# If it doesn't work, just remove it from the above function
parse_ldif <- function(y) {
  x <- grepl('^\\s',y)
  y[which(x) - 1] <- paste0(y[which(x) - 1], trimws(y[which(x)]))
  out <- y[-which(x)]
  others <- out[grepl('^#',out)]
  out <- out[!grepl('^#',out)]
  out <- out[!grepl('^\\s', out)]
  x <- read.dcf(textConnection(out),all = TRUE)
  c(as.list(x),
    list(otherfields = others))
}

#6

We have an instance of FreeIPA installed that’s in a one way trust with AD. Making IPA work with RStudio was a lot easier than I expected. Once the RStudio server was connected to the IPA domain, we created an /etc/pam.d/rstudio that looked like this:

#%PAM-1.0
auth      required       pam_sss.so     nodelay
password  sufficient     pam_sss.so
account   [default=bad success=ok user_unknown=ignore]     pam_sss.so

Then created a service in IPA and allowed users in the AD group rstudio. IPA web service authentication documentation here


#7

A post was split to a new topic: Connection steps from Redhat to Active Directory. Any suggestions