cuba version: 7.1.1
ldap add-on version: 1.4.0
Invoke service method:
ldap_UserSynchronizationSchedulerService.synchronizeUsersFromLdap()
Error information:
CommonErrorNode [<mismatched token: [@22,59:65=‘cuGroup’,<61>,1:59], resync=select cu.login from sec$User cu inner join fetch cu.group cuGroup where upper(cuGroup.name) in :groups>]
Also attached exception stack logerror.log (11.7 KB)
Hi @hanbing.yin,
Please provide settings for your configured LDAP rules.
Regards,
Evgeny
Hi Evgeny,
Configuration is according to the example on GitHub (cuba-platform/ldap-addon):
app.properties
ldap.contextSourceUrl = ldap://XX.XX.XX.XXX:XXX
ldap.contextSourceBase = dc=XXX,dc=XXXX
ldap.contextSourceUserName = XXXX
ldap.contextSourcePassword = XXXXX
ldap.referral = follow
ldap.sessionExpiringPeriodSec = 120
ldap.userSynchronizationBatchSize = 100
ldap.userSynchronizationOnlyActiveProperty = true
ldap.cubaGroupForSynchronization = Company
ldap.cubaGroupForSynchronizationInverse = false
ldap.synchronizeCommonInfoFromLdap = true
cuba.web.standardAuthenticationUsers = admin,anonymous
web-app.properties
cuba.web.standardAuthenticationUsers = admin,anonymous
ldap.expiringSessionNotificationCron = */10 * * * * *
ldap.addonEnabled = true
ldap.expiringSessionsEnable = true
cuba.rest.standardAuthenticationEnabled = false
cuba.rest.ldap.enabled = true
cuba.rest.ldap.urls = ldap://XX.XX.XX.XXX:XXX
cuba.rest.ldap.base = dc=XXX,dc=XXXX
cuba.rest.ldap.user = XXX
cuba.rest.ldap.password = XXXX
Hi @hanbing.yin,
We have found and fixed a bug in the add-on and are going to publish a new version. We will notify you when the new version is available.
Regards,
Evgeny
Hi @hanbing.yin,
We have fixed this issue, please try to use the 1.4.1 LDAP add-on version.
Regards,
Evgeny
Hi Evgeny, will try and let you know the result.
Hi @evgeny.zaharchenko,
Another question regarding usage of this add-on:
If using web login, the LDAP account could be automatically synchronized with no problem. But when using the API to log in, it will complain “no local user found”; it seems the API is not synchronizing the account automatically. Could you please suggest?
Please provide sample code where you are using the API to log in.
Hi Evgeny,
This question is from the Chinese forum; I don’t have an LDAP server set up, so I am just translating the same:
Using Postman to log in:
url: http://localhost:8080/app/rest/v2/ldap/token
Suspect code in: com\haulmont\addon\restapi\api\ldap\LdapAuthController.java method: protected OAuthTokenIssuer.OAuth2AccessTokenResult authenticate(String username, String password, Locale locale, String ipAddress, Map<String, String> parameters)
After this if (!ldapTemplate.authenticate(LdapUtils.emptyLdapName(), buildPersonFilter(username), password)) check, it doesn’t synchronize users, then tries to issue a token using the local user.
@hanbing.yin
Please use default authentication via the /oauth/token endpoint.
Regards,
Evgeny