LDAP sync user error

cuba version: 7.1.1
ldap add-on version: 1.4.0
Invoke service method:
ldap_UserSynchronizationSchedulerService.synchronizeUsersFromLdap()
Error information:
CommonErrorNode [<mismatched token: [@22,59:65=‘cuGroup’,<61>,1:59], resync=select cu.login from sec$User cu inner join fetch cu.group cuGroup where upper(cuGroup.name) in :groups>]

Also attached exception stack logerror.log (11.7 KB)

Hi @hanbing.yin,

Please provide settings for your configured LDAP rules.

Regards,
Evgeny

Hi Evgeny,

Configuration is according to example on https://github.com/cuba-platform/ldap-addon :
app.properties
ldap.contextSourceUrl = ldap://XX.XX.XX.XXX:XXX
ldap.contextSourceBase = dc=XXX,dc=XXXX
ldap.contextSourceUserName = XXXX
ldap.contextSourcePassword = XXXXX
ldap.referral = follow
ldap.sessionExpiringPeriodSec = 120
ldap.userSynchronizationBatchSize = 100
ldap.userSynchronizationOnlyActiveProperty = true
ldap.cubaGroupForSynchronization = Company
ldap.cubaGroupForSynchronizationInverse = false
ldap.synchronizeCommonInfoFromLdap = true
cuba.web.standardAuthenticationUsers = admin,anonymous

web-app.properties
cuba.web.standardAuthenticationUsers = admin,anonymous
ldap.expiringSessionNotificationCron = */10 * * * * *
ldap.addonEnabled = true
ldap.expiringSessionsEnable = true
cuba.rest.standardAuthenticationEnabled = false
cuba.rest.ldap.enabled = true
cuba.rest.ldap.urls = ldap://XX.XX.XX.XXX:XXX
cuba.rest.ldap.base = dc=XXX,dc=XXXX
cuba.rest.ldap.user = XXX
cuba.rest.ldap.password = XXXX

Hi @hanbing.yin,

We have found and fixed a bug in the add-on and going to publish a new version. We will notify you when the new version will be available.

Regards,
Evgeny

Hi @evgeny.zaharchenko, thank you!

Hi @hanbing.yin,

We have fixed this issue, please try to use 1.4.1 LDAP add-on version.

Regards,
Evgeny

Hi Evgeny, will try and let you know the result. :slight_smile:

Hi @evgeny.zaharchenko,

Another question regarding usage of this add-on:

If use web login, LDAP account could be automatically synchronized and no problem. But when use API to login, it will complain “no local user found”, seems API is not synchronizing account automatically, could you please suggest?

Please provide sample code, where you using API to login

Hi Evgeny,

This question is from Chinese forum, I don’t have Ldap server setup, so just translate the same:

Using postman to login:
url:http://localhost:8080/app/rest/v2/ldap/token

Suspect code in: com\haulmont\addon\restapi\api\ldap\LdapAuthController.java method: protected OAuthTokenIssuer.OAuth2AccessTokenResult authenticate(String username, String password, Locale locale, String ipAddress, Map<String, String> parameters)

After this if (!ldapTemplate.authenticate(LdapUtils.emptyLdapName(), buildPersonFilter(username), password)) check, it doesn’t synchronize users, then try to issue token using local user.

@hanbing.yin

Please use default authentification via /oauth/token endpoint

Regards,
Evgeny