Synchronising Users.

ReportServer (EN)
1

Hi,

Is there a way to synchronise users created locally in our application with reportserver usersandgroups

Thank you

2

Hi Frank,

you can take a look at the LDAP synchronization if you have an LDAP server with your users/groups:

https://reportserver.net/en/guides/script/chapters/Integrating-ReportServer-with-an-Active-Directory-using-LDAP/
https://reportserver.net/blog/2013/08/06/configure-ldap-to-use-reportserver-with-activedirectory-authentication/

Cheers,
Eduardo

3

Hi Eduardo,

Thanks For the reply,

I am in new in this, I have tried the solutions provided in the above links, but failed in executing ldapImport.groovy file,

getting following authentication error

Script execution failed.
error message: javax.script.ScriptException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] (javax.naming.AuthenticationException)
script arguments:
file: ldapimport.groovy (id: 342341, line 457)
line number: 457 (68, 31)
line: loadFromDirectory();

Actually we are trying to set jumpcloud as a ldap service, for importing users from jumpcloud to reportserver. We have made the following changes in the groovy file

lul.setProviderUrl(“ldap://ldap.jumpcloud.com:389”);
lul.setSecurityPrincipal(“DC=ldap,DC=jumpcloud,DC=com”);
lul.setSecurityCredentials(“user-id”);

	lul.setLdapBase("UID=user-id,OU=Users,O=ORG_ID,DC=jumpcloud,DC=com");

Could you please help us to sort out this issue.

Regards
Frank

4

Hi Eduardo,

Is there any other possible ways to sync users from an application without the use of LDAP Server?

Regards,
Frank

5

Hi Frank,

you could write a script that reads the users from your other system and creates these in reportserver if they don’t exist. Do you need a periodic synchronization or a 1-time import?

Cheers,
Eduardo

6

Hi Eduardo,

We actually need a periodic synchronisation from our application to ReportServer.

Regards,
Frank

7

Hi Frank,

for this, we would recommend using LDAP, as it also offers synchronization (https://reportserver.net/en/guides/script/chapters/Integrating-ReportServer-with-an-Active-Directory-using-LDAP/).
If you don’t want to use LDAP, you would have to write your own script (similar as ldapimport.groovy): https://reportserver.net/en/guides/script/chapters/ldapimportgroovy/

Regards,
Eduardo

8

Hi Frank,

have you been able to connect to the LDAP server? Or do you still got problems ?
lul.setSecurityCredentials(“user-id”); // should contain your password. Is this correct ?
lul.setLdapBase(“UID=user-id,OU=Users,O=ORG_ID,DC=jumpcloud,DC=com”); // the base directory where the users are going to be searched for. You can try with:
OU=Users,O=ORG_ID,DC=jumpcloud,DC=com
O=ORG_ID,DC=jumpcloud,DC=com
DC=jumpcloud,DC=com

Cheers,
Eduardo

9

Hi Frank,

in https://support.jumpcloud.com/customer/portal/articles/2439911 I read this:

So, according to this, your configuration should be:

lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
lul.setSecurityPrincipal("uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // replace LDAP_BINDING_USER and YOUR_ORG_ID with your account details
lul.setSecurityCredentials("******");    //your password
      
lul.setLdapBase("ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // again, replace YOUR_ORG_ID with your organization id

// if this doesn't work, you can try with:
lul.setLdapBase("o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // again, replace YOUR_ORG_ID with your organization id

Please let us know if this helps,

Cheers,
Eduardo

10

Hi Frank,

testing with jumpcloud I made the following modifications in order for the script to work:

  1. Credentials:
lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
lul.setSecurityPrincipal("uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // replace LDAP_BINDING_USER and YOUR_ORG_ID with your account details
lul.setSecurityCredentials("******");    //your password
  1. change getGUID() in order to return something unique in the jumpcloud LDAP installation, e.g.:
private String getGuid(SearchResult sr) throws NamingException{
	return sr.getName().toString(); //you can also return a unique id analogously as the original script
}
  1. change your filter:
private String ldapFilter = "(|(objectClass=organizationalUnit)(objectClass=person)(objectClass=posixGroup))";
  1. change the username property:
//node.setUsername(getStringAttribute(sr, "sAMAccountName"));
node.setUsername(getStringAttribute(sr, "uid")); // set uid or any attribute you have identifying your username

This is working for me, I hope this helps.

Cheers,
Eduardo

11

just noting that we have the same intention that Frank first posted. Our thread is at https://forum.reportserver.net/viewtopic.php?pid=2891#p2891 - with Eduardo’s help we’re progressing.

12

Hi Frank,

pls note we published the ldaptester.groovy script here:
https://github.com/infofabrik/reportserver-samples/

which allows you to safely test your LDAP settings before importing them into the “real” ldapimport.groovy script (or ldap.cf configuration file).

Regards,
Eduardo