
I successfully managed to integrate Joget with an LDAP server (FreeIPA) using the LDAP Directory Manager plugin. I've got all the users and the groups, yet I'm unable to link the users to their groups and vice versa: "group list" in user details and "user list" in group details are both empty.

 

I'm currently working with the demo server for testing purposes:

URL : ldap://ipa.demo1.freeipa.org:389
Admin Username (Principal) : uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
Admin Password (Credential) : Secret123
Root DN : dc=demo1,dc=freeipa,dc=org

 

Sample of user and group details in LDAP Server:

### User Details ###
--------------------
cn: Test Employee
gidNumber: 1162400003
ipaUniqueID: 1c4fb108-90d8-11e8-b51b-0628508a174e
sn: Employee
uid: employee
uidNumber: 1162400003
displayName: Test Employee
gecos: Test Employee
givenName: Test
initials: TE
mail: employee@demo1.freeipa.org
manager: uid=manager,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
memberOf: cn=employees,cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org
mepManagedEntry: cn=employee,cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org
 
### Group Details ###
---------------------
objectClass: ipausergroup
cn: employees
gidNumber: 1162400005
description: Test Employees
member: uid=employee,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
member: uid=manager,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org

 

LDAP Directory Manager configuration:

### User ###
------------
User Base DN : cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
User Import Search Filter : (objectClass=person)
Attribute Mapping - Username : uid
Attribute Mapping - First Name : givenName
Attribute Mapping - Last Name : sn
Attribute Mapping - Email : mail

### Employment ###
------------------
Attribute Mapping - Groups : memberOf
Map To LDAP Group Entry Primary Attribute : dn
 
### Group ###
-------------
Group Base DN : cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org
Group Import Search Filter : (objectClass=ipausergroup)
Attribute Mapping - ID : cn
Attribute Mapping - Name : description
Attribute Mapping - Users : member
Map To LDAP User Entry Primary Attribute : dn

 

Debugging logs:

INFO 14 Aug 2018 12:58:58 org.joget.plugin.ldap.UserDaoLDAPImpl - getUser(username:employee)
INFO 14 Aug 2018 12:58:58 org.joget.plugin.ldap.UserDaoLDAPImpl - filter: (&(objectClass=person)(uid=employee))
ERROR 14 Aug 2018 12:58:59 org.joget.plugin.ldap.GroupDaoLDAPImpl - java.lang.NullPointerException
java.lang.NullPointerException
at org.joget.plugin.ldap.GroupDaoLDAPImpl.getFilterOfGroupsByUserId(GroupDaoLDAPImpl.java:197)
at org.joget.plugin.ldap.GroupDaoLDAPImpl.getGroupsByUserId(GroupDaoLDAPImpl.java:143)
at org.joget.plugin.ldap.DirectoryManagerLDAPImpl.getGroupsByUserId(DirectoryManagerLDAPImpl.java:401)
at org.joget.directory.model.service.DirectoryManagerProxyImpl.getGroupsByUserId(DirectoryManagerProxyImpl.java:310)
at org.joget.apps.workflow.controller.DirectoryJsonController.listUserGroup(DirectoryJsonController.java:262)
at sun.reflect.GeneratedMethodAccessor200.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:180)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:440)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:428)
at org.joget.commons.spring.web.ParameterizedAnnotationMethodHandlerAdapter.handle(ParameterizedAnnotationMethodHandlerAdapter.java:32)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.joget.apps.workflow.security.WorkflowHttpAuthProcessingFilter.doFilter(WorkflowHttpAuthProcessingFilter.java:85)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.joget.commons.spring.web.CustomDelegatingFilterProxy.doFilter(CustomDelegatingFilterProxy.java:31)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.joget.apps.app.web.ExpireFilter.doFilter(ExpireFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.joget.apps.app.web.JsonResponseFilter.doFilter(JsonResponseFilter.java:144)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

----------

I'm using Version 6.0.8 of Joget enterprise
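
Added example (not part of the original post, and not Joget's plugin code): an offline check of how the `memberOf` and `member` values quoted above resolve under a given "primary attribute" mapping, using entries constructed from the question's excerpts. The function names and the shape of the group filter are assumptions for illustration; values that match nothing are returned separately so that missing imports can be told apart from a mapping mismatch.

```python
import re

BASE = "dc=demo1,dc=freeipa,dc=org"
# Constructed from the entries quoted in the question (only the attributes used here).
USERS = {f"uid=employee,cn=users,cn=accounts,{BASE}": {
    "uid": ["employee"],
    "memberOf": [f"cn=employees,cn=groups,cn=accounts,{BASE}",
                 f"cn=ipausers,cn=groups,cn=accounts,{BASE}"]}}
GROUPS = {f"cn=employees,cn=groups,cn=accounts,{BASE}": {
    "cn": ["employees"],
    "member": [f"uid=employee,cn=users,cn=accounts,{BASE}",
               f"uid=manager,cn=users,cn=accounts,{BASE}"]}}

def norm(value):
    """Comparison key: lower-case, no spaces around commas (simplified DN matching)."""
    return re.sub(r"\s*,\s*", ",", value.strip().lower())

def primary_keys(dn, entry, primary_attr):
    """Values an entry is known by; 'dn' means the entry's own DN."""
    values = [dn] if primary_attr == "dn" else entry.get(primary_attr, [])
    return {norm(v) for v in values}

def resolve(entry, link_attr, targets, primary_attr):
    """Split entry[link_attr] into (matched target DNs, values matching nothing)."""
    matched, dangling = [], []
    for value in entry.get(link_attr, []):
        hits = [dn for dn, t in targets.items()
                if norm(value) in primary_keys(dn, t, primary_attr)]
        (matched if hits else dangling).extend(hits or [value])
    return matched, dangling

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def groups_filter(user_dn, import_filter="(objectClass=ipausergroup)", users_attr="member"):
    """Filter for 'groups that list this user' (assumed shape, not Joget's code)."""
    return f"(&{import_filter}({users_attr}={escape_filter_value(user_dn)}))"

if __name__ == "__main__":
    user_dn, user = next(iter(USERS.items()))
    print(resolve(user, "memberOf", GROUPS, "dn"))  # mapping from the question
    print(resolve(user, "memberOf", GROUPS, "cn"))  # mismatched primary attribute
    print(groups_filter(user_dn))
```

The printed filter can be pasted into any LDAP client against the Group Base DN to confirm that the directory itself returns the group, independently of the plugin.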


    2 answers

    1.  

      I just tried it with no problem. Maybe you can try to match my configs here.

      1. Mustapha Hadid

        Thanks Walter for your time. Well, I'm confused now as I still have the same issue :( Which version of Joget are you running?

      2. Mustapha Hadid

        It turns out that this was a bug in versions earlier than "6.0.9". I've just upgraded from version "6.0.8" to "6.0.9" and the configuration seems to work now. However, I just noticed another issue: the "report to" field probably has the same bug. Here are my settings for the "report to" fields: Attribute Mapping - Report To = manager; Map To "Report To" Entry Attribute = dn. Could you please help me with this, Walter? :)

    2.  

      There's a tab called "employment" in the LDAP config, try to fill that up too and go to the last tab to turn on debug mode to get more details printed out. LDAP Directory Manager

      1. Mustapha Hadid

        I've just tried filling up every field of the "employment" section. I've also tried playing with the LDAP configuration but still have the issue. The debugging logs weren't helpful--check them out at the bottom of the question. Could you please try integrating with the demo server mentioned in the question yourself?
