#1 2017-01-03 16:41:20

Sreejith S
Member
Registered: 2016-11-16

Importing users using ldap

Hi,

We are trying to import users using ldap based on the instructions given in
https://reportserver.net/en/guides/scri … sing-LDAP/
We are able to execute the both ldapimport.groovy and hookldappam.groovy files. After executing the hookldappam.groovy file
got an output LDAP_PAM

But users are not listed/added to the reportserver user directory

Kindly, help us to sort out this issue

Regards
Sreejith

Offline

#2 2017-01-06 09:58:18

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

do you got any logs?

Cheers,
Eduardo

Offline

#3 2017-01-09 10:26:14

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo,

We have created an Ldap Server in a system and trying to import the users from the same to RS . We are getting authenticated and there are no errors while executing the groovy files in the RS terminal, also a folder named "Export" has been getting created.

Following are the changes which we have made in the ldapimport.groovy file:-
----------------------------------
lul.setProviderUrl("ldap://67.205.158.166:389");
lul.setSecurityPrincipal("CN=testuser,ou=ReportServer,DC=ldap,DC=example,DC=com");
lul.setSecurityCredentials("***");
lul.setLdapBase("CN=testuser,ou=ReportServer,DC=ldap,DC=example,DC=com");
-----------------------------------
We could see the following message while going through the log file:-

-----------------------------------
####### LdapPAM: authenticate with local password: success
####### LdapPAM: authenticate success (usr=admin)
Retrieved nodes from directory: 0
Nodes added: 0
Nodes removed: 0
Overall nodes in rs: 0
Duration: 18ms
done.
-----------------------------------

Could you please look into this.

Regards,
Sreejith

Last edited by Sreejith S (2017-01-09 10:28:50)

Offline

#4 2017-01-11 13:24:04

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

please try with this:

lul.setLdapBase("DC=ldap,DC=example,DC=com");

or

lul.setLdapBase("ou=ReportServer,DC=ldap,DC=example,DC=com");

Cheers,
Eduardo

Offline

#5 2017-02-27 13:45:37

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo,

   we are trying to import users from ldap, but we are not able to get it succeed. Actually we are not getting any sort of error while executing the scripts. A folder named external is getting created .I am attaching the part of the script where the changes were made.

         lul.setProviderUrl("ldap://ip_address:389");
        lul.setSecurityPrincipal("cn=test toast,cn=tester,dc=local,dc=domain");
        lul.setSecurityCredentials("tester");

        lul.setLdapBase("ou=Users,dc=local,dc=domain");

Could you help us to sort this out.

Regards,
Sreejith

Last edited by Sreejith S (2017-02-27 16:23:01)

Offline

#6 2017-02-28 10:08:28

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hello Sreejith,

again, please post or send us the logs when trying to import the users. Do you have the "external" directory empty after the import ?

Cheers,
Eduardo

Offline

#7 2017-02-28 12:08:49

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo,

This is the log I am getting while executing the scripts:-


Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 fd=13 ACCEPT from IP=67.205.158.166:55026 (IP=0.0.0.0:389)
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=0 BIND dn="cn=test toast,cn=tester,dc=local,dc=domain" method=128
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=0 BIND dn="cn=test toast,cn=tester,dc=local,dc=domain" mech=SIMPLE ssf=0
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=0 RESULT tag=97 err=0 text=
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=1 SRCH base="ou=Users,dc=local,dc=domain" scope=2 deref=3 filter="(|(objectClass=organizationalUnit)(?objectClass=user)(?objectClass=group))"
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 op=2 UNBIND
Feb 28 12:05:11 melvin-test slapd[1947]: conn=1093 fd=13 closed

also the external directory is getting created and it remains empty after the import.

Regards,
Sreejith

Last edited by Sreejith S (2017-02-28 12:13:06)

Offline

#8 2017-02-28 15:02:53

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

the search seems to get an empty result. Maybe you have to change your filter : filter="(|(objectClass=organizationalUnit)(?objectClass=user)(?objectClass=group))" according to your LDAP installation.
Can you check if your LDAP users have an objectClass=user ? Testing with jumpcloud LDAP I had to change this to: objectClass=person

Also, please check if your LDAP users have the following attributes:
"givenName", "sn", "sAMAccountName".
If not, you have to adapt the script here according to your LDAP installation:

/* copy User attributes */
node.setFirstname(getStringAttribute(sr, "givenName"));
node.setLastname(getStringAttribute(sr, "sn"));
node.setUsername(getStringAttribute(sr, "sAMAccountName"));

In the jumpcloud case:

/* copy User attributes */
node.setFirstname(getStringAttribute(sr, "givenName"));
node.setLastname(getStringAttribute(sr, "sn"));
node.setUsername(getStringAttribute(sr, "uid"));

Further, on the jumpcloud case, I had to adapt the getGuid() method:

private String getGuid(SearchResult sr) throws NamingException{
	try{
		return sr.getAttributes().get("uidNumber").get().toString();
	}catch(Exception e){
		throw new RuntimeException("failed to retrieve objectGUID from " + sr.getNameInNamespace(), e);
	}
}

Cheers,
Eduardo

Offline

#9 2017-03-01 09:19:04

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

another place I changed in the code was:

if(objectClass.contains("organizationalUnit")) {
	umNode = createOUNode(sr, parent);
} else if(objectClass.contains("person")) {
	umNode = createUserNode(sr, parent);
} else if(objectClass.contains("group")){
	umNode = createGroupNode(sr, parent);
}

("user" -> "person"). You may also want to check if the "organizationalUnit" or "group" attribute names must be changed.

Cheers,
Eduardo

Offline

#10 2017-03-01 11:12:02

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

in the second step, while authenticating the LDAP users, there is a bug in the hookldappam.groovy script:

Please change

GLOBALS.services.callbackRegistry.attachHook("LDAP_PAM", PAMHook.class, new PAMHook(){
	
	public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
		pams.add(ldapPam);
	}
	public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
		
	}
	
});

to

GLOBALS.services.callbackRegistry.attachHook("LDAP_PAM", PAMHook.class, new PAMHook(){
 
    public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
 
    }
    public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
        pams.clear()
        pams.add(ldapPam);
    }
 
});

Note that it is also necessary for the users (or the OU "external"), to have report server access (administration -> permissions -> report server access).

Cheers,
Eduardo

Offline

#11 2017-03-01 13:38:38

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo

Thank you for looking into the issue.

Following is what I got while executing the ldapimport.groovy

reportserver$ exec -c ldapimport.groovy
Script execution failed.
error message: javax.script.ScriptException: java.lang.RuntimeException: Error processing search result: cn=Jerint,cn=tester,dc=local,dc=domain (java.lang.RuntimeException)
script arguments:
file: ldapimport.groovy (id: 691967, line 458)
line number: 458 (69, 32, 250)
line: loadFromDirectory();

Also I have done a manual search using ldapsearch command from my terminal and it produced the following output :


ldapsearch -x -b "cn=tester,dc=local,dc=domain" -D "cn=admin,dc=local,dc=domain" -w "******" -H ldap://67.205.171.43:389
# extended LDIF
#
# LDAPv3
# base <cn=tester,dc=local,dc=domain> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# tester, local.domain
dn: cn=tester,dc=local,dc=domain
gidNumber: 500
cn: tester
objectClass: posixGroup
objectClass: top

# test toast, tester, local.domain
dn: cn=test toast,cn=tester,dc=local,dc=domain
cn: test toast
givenName: test
gidNumber: 500
homeDirectory: /home/users/ttoast
sn: toast
loginShell: /bin/sh
userPassword : *******
uidNumber: 1000
uid: ttoast
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person

# Joe J, tester, local.domain
dn: cn=Joe J,cn=tester,dc=local,dc=domain
cn: Joe J
givenName: Joe
gidNumber: 500
homeDirectory: /home/users/jj
sn: J
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: *******
uidNumber: 1002
uid: jj

# Jerin t, tester, local.domain
dn: cn=Jerin t,cn=tester,dc=local,dc=domain
cn: Jerin t
givenName: Jerin
gidNumber: 500
homeDirectory: /home/users/jt
sn: t
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: ******
uidNumber: 1003
uid: jt

# mars s, test toast, tester, local.domain
dn: cn=mars s,cn=test toast,cn=tester,dc=local,dc=domain
cn: mars s
givenName: mars
gidNumber: 500
homeDirectory: /home/users/ms
sn: s
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: *********
uidNumber: 1005
uid: ms

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5


So I think my script is fetching results from the ldap server but it failes while processing the same. So as you mentioned before I tried changing

/* create node */
                    Attribute objectClass = sr.getAttributes().get("objectClass");
                    AbstractUserManagerNode umNode = null;
                    if(objectClass.contains("organizationalUnit")) {
                        umNode = createOUNode(sr, parent);

                    } else if(objectClass.contains("user")) {
                        umNode = createUserNode(sr, parent);

                    } else if(objectClass.contains("group")){
                        umNode = createGroupNode(sr, parent);
                    }

To

/* create node */
                    Attribute objectClass = sr.getAttributes().get("objectClass");
                    AbstractUserManagerNode umNode = null;
                    if(objectClass.contains("inetOrgPerson")) {
                        umNode = createOUNode(sr, parent);

                    } else if(objectClass.contains("posixAccount")) {
                        umNode = createUserNode(sr, parent);

                    } else if(objectClass.contains("top")){
                        umNode = createGroupNode(sr, parent);
                    }


But the error remains the same. Please look into this and advice me to resolve the issue.

Kind Regards,
Sreejith

Offline

#12 2017-03-01 14:47:29

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

please share your complete ldapimport.groovy file.

Cheers,
Eduardo

Offline

#13 2017-03-01 14:54:40

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo,

Following is the complete content of the ldapimport.groovy file:-


import java.util.Map.Entry
import java.io.*
import java.util.logging.Level
import java.util.logging.Logger

import javax.inject.Inject
import javax.naming.Context
import javax.naming.NamingEnumeration
import javax.naming.NamingException
import javax.naming.directory.Attribute
import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext
import javax.naming.directory.SearchControls
import javax.naming.directory.SearchResult
import javax.naming.ldap.LdapName

import net.datenwerke.rs.scripting.service.scripting.scriptservices.GlobalsWrapper
import net.datenwerke.rs.terminal.service.terminal.TerminalService
import net.datenwerke.rs.utils.jpa.EntityUtils
import net.datenwerke.security.client.login.AuthToken
import net.datenwerke.security.service.authenticator.hooks.PreAuthenticateHook
import net.datenwerke.security.service.authenticator.hooks.adapter.PreAuthenticateHookAdapter
import net.datenwerke.security.service.usermanager.UserManagerService
import net.datenwerke.security.service.usermanager.entities.AbstractUserManagerNode
import net.datenwerke.security.service.usermanager.entities.Group
import net.datenwerke.security.service.usermanager.entities.OrganisationalUnit
import net.datenwerke.security.service.usermanager.entities.User


GLOBALS.getInstance(LdapRunner.class).run(GLOBALS);


public class LdapRunner {
   
    private UserManagerService userManagerService;
    private EntityUtils entityUtils;

    @Inject
    public LdapRunner(
            UserManagerService userManagerService,
            EntityUtils entityUtils
        ){
            this.entityUtils = entityUtils;
            this.userManagerService = userManagerService;
    }
   
    public void run(GlobalsWrapper GLOBALS){
        LdapUserLoader lul = new LdapUserLoader(entityUtils, userManagerService);
       
        lul.setProviderUrl("ldap://67.205.171.43:389");
        lul.setLdapBase("cn=tester,dc=local,dc=domain");
        lul.setSecurityCredentials("password");

        lul.setSecurityPrincipal("cn=admin,dc=local,dc=domain");
        def terminal = GLOBALS.getInstance(TerminalService.class)
        OrganisationalUnit targetNode  = terminal.getObjectByLocation("/usermanager/external", false)
       
       
        if(null == targetNode){
            AbstractUserManagerNode umRoot = userManagerService.getRoots().get(0);
            targetNode = new OrganisationalUnit("external");
            umRoot.addChild(targetNode);
            userManagerService.persist(targetNode);
        }
       
        lul.setTargetNode(targetNode);
        lul.run();
    }
}


public class LdapUserLoader {

    private final Logger logger = Logger.getLogger(getClass().getName());


    private String ldapBase;
    private String ldapFilter = "(|(objectClass=*))";
                                 

    private String providerUrl;
    private String securityCredentials;

    private String securityPrincipal;
    private OrganisationalUnit targetNode;

    private boolean includeNamespace = false;

    private Map<String, AbstractUserManagerNode> guidMap;
    private Map<LdapName, AbstractUserManagerNode> nodesInDirectoryByName;
    private Map<String, AbstractUserManagerNode> nodesInDirectoryByGuid;
    private TreeMap<LdapName, SearchResult> searchResults;

    private List<AbstractUserManagerNode> removedNodes;
    private List<AbstractUserManagerNode> addedNodes;

    private EntityUtils entityUtils;
    private UserManagerService userManagerService;

    private class AdGUID {
        byte[] bytes;

        public AdGUID(byte[] bytes) {
            this.bytes = bytes;
        }

        private void addByte(StringBuffer sb, int k) {
            if(k<=0xF)
                sb.append("0");
            sb.append(Integer.toHexString(k));
        }

        @Override
        public String toString() {
            StringBuffer sb = new StringBuffer();
            addByte(sb, (int)bytes[3] & 0xFF);
            addByte(sb, (int)bytes[2] & 0xFF);
            addByte(sb, (int)bytes[1] & 0xFF);
            addByte(sb, (int)bytes[0] & 0xFF);
            sb.append("-");
            addByte(sb, (int)bytes[5] & 0xFF);
            addByte(sb, (int)bytes[4] & 0xFF);
            sb.append("-");
            addByte(sb, (int)bytes[7] & 0xFF);
            addByte(sb, (int)bytes[6] & 0xFF);
            sb.append("-");
            addByte(sb, (int)bytes[8] & 0xFF);
            addByte(sb, (int)bytes[9] & 0xFF);
            sb.append("-");
            addByte(sb, (int)bytes[10] & 0xFF);
            addByte(sb, (int)bytes[11] & 0xFF);
            addByte(sb, (int)bytes[12] & 0xFF);
            addByte(sb, (int)bytes[13] & 0xFF);
            addByte(sb, (int)bytes[14] & 0xFF);
            addByte(sb, (int)bytes[15] & 0xFF);

            return sb.toString();
        }

    }

    public LdapUserLoader(EntityUtils entityUtils, UserManagerService userManagerService) {
        this.entityUtils = entityUtils;
        this.userManagerService = userManagerService;
    }


    public String getLdapBase() {
        return ldapBase;
    }

    public String getProviderUrl() {
        return providerUrl;
    }

    public String getSecurityCredentials() {
        return securityCredentials;
    }

    public String getSecurityPrincipal() {
        return securityPrincipal;
    }

    public void setLdapBase(String ldapBase) {
        this.ldapBase = ldapBase;
    }

    public void setProviderUrl(String providerUrl) {
        this.providerUrl = providerUrl;
    }

    public void setSecurityCredentials(String securityCredentials) {
        this.securityCredentials = securityCredentials;
    }

    public void setSecurityPrincipal(String securityPrincipal) {
        this.securityPrincipal = securityPrincipal;
    }

    public void setTargetNode(OrganisationalUnit targetNode) {
        this.targetNode = targetNode;
    }

    public boolean isIncludeNamespace() {
        return includeNamespace;
    }

    public void setIncludeNamespace(boolean includeNamespace) {
        this.includeNamespace = includeNamespace;
    }

    public String getLdapFilter() {
        return ldapFilter;
    }

    public void setLdapFilter(String ldapFilter) {
        this.ldapFilter = ldapFilter;
    }



    private Properties compileProperties(){
        Properties props = new Properties();

        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.setProperty(Context.PROVIDER_URL, providerUrl);
        props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
        props.setProperty(Context.REFERRAL, "throw");
        props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");

        props.setProperty(Context.SECURITY_PRINCIPAL, securityPrincipal);
        props.setProperty(Context.SECURITY_CREDENTIALS, securityCredentials);

        /* return these as binary */
        props.put("java.naming.ldap.attributes.binary","objectGUID");
        return props;
    }

    private void createGuidMap(AbstractUserManagerNode current) {
        Map<String, AbstractUserManagerNode> map = new HashMap<>();
        createGuidMap(current, map );

        guidMap = map;
    }

    private void createGuidMap(AbstractUserManagerNode current, Map<String, AbstractUserManagerNode> map){
        map.put(current.getGuid(), entityUtils.unproxy(current));

        for(AbstractUserManagerNode cn : current.getChildren()){
            createGuidMap(cn, map);
        }
    }

    private String getStringAttribute(SearchResult sr, String attributeName) throws NamingException{
        try{
            return sr.getAttributes().get(attributeName).get().toString();
        }catch(Exception e){
            logger.log(Level.WARNING,"failed to retrieve attribute '" + attributeName + "' from " + sr.getNameInNamespace(), e);
            return null;
        }
    }

    private String getGuid(SearchResult sr) throws NamingException{
        try{
            AdGUID guid = new AdGUID((byte[]) sr.getAttributes().get("objectGUID").get());
            return guid.toString();
        }catch(Exception e){
            throw new RuntimeException("failed to retrieve objectGUID from " + sr.getNameInNamespace(), e);
        }
    }

    private void loadFromDirectory() throws NamingException {
        Properties props = compileProperties();
        String originBase = this.providerUrl.endsWith("/")?providerUrl:providerUrl + "/";

        this.nodesInDirectoryByName = new HashMap<>();
        this.nodesInDirectoryByGuid = new HashMap<>();
        this.addedNodes = new ArrayList<>();
        this.removedNodes = new ArrayList<>();

        DirContext ctx = null ;

        try {
            ctx = new InitialDirContext(props);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            LdapName ldapBaseName = new LdapName(getLdapBase());
            NamingEnumeration<SearchResult> results = ctx.search(ldapBaseName, this.ldapFilter, searchControls);

            /* order search results by name to make sure children never get processed before their parent */
            searchResults = new TreeMap<>();
            while (results.hasMoreElements()) {
                SearchResult sr = (SearchResult) results.next();
                searchResults.put(new LdapName(sr.getNameInNamespace()), sr);
            }

            for(SearchResult sr : searchResults.values()){
                try {
                    LdapName nodeName = new LdapName(isIncludeNamespace() ? sr.getNameInNamespace() : sr.getName());
                    LdapName nodeNameInNamespace = new LdapName(sr.getNameInNamespace());

                    /* skip empty nodes */
                    if(nodeName.size() == 0)
                        continue;


                    /* get parent node */
                    LdapName parentName = (LdapName) nodeNameInNamespace.getPrefix(Math.max(0, nodeNameInNamespace.size() - 1));
                    AbstractUserManagerNode parent = this.nodesInDirectoryByName.get(parentName);
                    if(null == parent){
                        if(parentName.equals(new LdapName(ldapBase))){
                            /* root node */
                            parent = targetNode;
                        }else{
                            throw new IllegalStateException("Missing parent for " + sr.getNameInNamespace());
                        }
                    }

                    /* create node */
                    Attribute objectClass = sr.getAttributes().get("objectClass");
                    AbstractUserManagerNode umNode = null;
                    if(objectClass.contains("inetOrgPerson")) {
                        umNode = createOUNode(sr, parent);

                    } else if(objectClass.contains("posixAccount")) {
                        umNode = createUserNode(sr, parent);

                    } else if(objectClass.contains("top")){
                        umNode = createGroupNode(sr, parent);
                    }

                    /* set common attributes */
                    umNode.setWriteProtection(true);
                    umNode.setGuid(getGuid(sr));
                    umNode.setOrigin(originBase + sr.getNameInNamespace());

                    nodesInDirectoryByName.put(new LdapName(sr.getNameInNamespace()), umNode);
                    nodesInDirectoryByGuid.put(getGuid(sr), umNode);
                }catch(Exception e){
                    throw new RuntimeException("Error processing search result: " + sr.getNameInNamespace() , e);
                }
            }


        }finally{
            try {
                if(null != ctx)
                    ctx.close();
            } catch (NamingException e) {
                logger.log(Level.WARNING, e.getMessage(), e);
            }
        }
    }


    private AbstractUserManagerNode createGroupNode(SearchResult sr, AbstractUserManagerNode parent) throws NamingException {
        Group node = (Group) guidMap.get(getGuid(sr));
        if(null == node){
            node = new Group();
            addedNodes.add(node);
        }
        parent.addChild(node);

        /* copy Group attributes */
        node.setName(getStringAttribute(sr, "name"));

        return node;
    }


    private AbstractUserManagerNode createUserNode(SearchResult sr, AbstractUserManagerNode parent) throws NamingException {
        User node = (User) guidMap.get(getGuid(sr));
        if(null == node){
            node = new User();
            addedNodes.add(node);
        }
        parent.addChild(node);

        /* copy User attributes */
        node.setFirstname(getStringAttribute(sr, "givenName"));
        node.setLastname(getStringAttribute(sr, "sn"));
        node.setUsername(getStringAttribute(sr, "uid"));

        return node;
    }

    private AbstractUserManagerNode createOUNode(SearchResult sr, AbstractUserManagerNode parent) throws NamingException {
        OrganisationalUnit node = (OrganisationalUnit) entityUtils.unproxy(guidMap.get(getGuid(sr)));
        if(null == node){
            node = new OrganisationalUnit();
            addedNodes.add(node);
        }
        parent.addChild(node);

        /* copy OU attributes */
        node.setName(getStringAttribute(sr, "name"));

        return node;
    }


    private void postprocessGroups() throws NamingException {

        /* clear */
        for(Entry<LdapName, AbstractUserManagerNode> entry : nodesInDirectoryByName.entrySet()){
            if(entry.getValue() instanceof Group){
                Group group = (Group) entry.getValue();
                group.getUsers().clear();
                group.getOus().clear();
                group.getReferencedGroups().clear();
            }
        }

        /* add appropriate users */
        for(Entry<LdapName, AbstractUserManagerNode> entry : nodesInDirectoryByName.entrySet()){
            if(entry.getValue() instanceof Group){
                Group group = (Group) entry.getValue();
                SearchResult sr = searchResults.get(entry.getKey());
                if(null != sr.getAttributes().get("member")){
                    NamingEnumeration<?> members = sr.getAttributes().get("member").getAll();
                    while(members.hasMore()){
                        LdapName memberName = new LdapName(members.next().toString());
                        AbstractUserManagerNode member = nodesInDirectoryByName.get(memberName);
                        if(null != member){
                            if(member instanceof User)
                                group.addUser((User) member);
                            if(member instanceof OrganisationalUnit)
                                group.addOu((OrganisationalUnit) member);
                            if(member instanceof Group)
                                group.addReferencedGroup((Group) member);
                        }
                    }
                }
            }
        }
    }

    private void printTree(AbstractUserManagerNode current){
        StringBuilder sb = new StringBuilder();
        List<AbstractUserManagerNode> rl = current.getRootLine();
        Collections.reverse(rl);
        for(AbstractUserManagerNode node : rl){
            sb.append(node.getName()).append(".");
        }
        sb.append(current.getName() + " [" + current.getClass().getSimpleName() + "]" );

        if(current instanceof Group){
            Group group = (Group) current;
            sb.append(" (").append(group.getUsers().size() + group.getOus().size() + group.getReferencedGroups().size()).append(" members)");
        }

        System.out.println(sb.toString());

        for(AbstractUserManagerNode cn : current.getChildren()){
            printTree(cn);
        }
    }


    private void deleteRemovedUsers(AbstractUserManagerNode current) {
        for(AbstractUserManagerNode c : current.getChildren()){
            deleteRemovedUsers(c);
        }

        if(null != current.getOrigin() && current.getOrigin().startsWith(providerUrl) && !nodesInDirectoryByGuid.containsKey(current.getGuid())){
            current.getParent().removeChild(current);
            removedNodes.add(current);
        }
    }

    public void run() throws NamingException{
        long start = System.currentTimeMillis();
        createGuidMap(targetNode);

        loadFromDirectory();
        postprocessGroups();

        deleteRemovedUsers(targetNode);
       
        for(AbstractUserManagerNode removedNode : removedNodes){
            userManagerService.remove(removedNode);
        }

        System.out.println("Retrieved nodes from directory: " + nodesInDirectoryByGuid.size() );
        System.out.println("Nodes added: " + addedNodes.size() );
        System.out.println("Nodes removed: " + removedNodes.size() );
        int overallCount = countNodes(targetNode) - 1;
        System.out.println("Overall nodes in rs: " + overallCount);
        System.out.println("Duration: " + (System.currentTimeMillis() - start) + "ms");
        if(overallCount != nodesInDirectoryByGuid.size())
            throw new RuntimeException("Failed to import user data from directory");
        else
            System.out.println("done.");

        //        printTree(targetNode);
    }


    private int countNodes(AbstractUserManagerNode current) {
        int i = 1;
        for(AbstractUserManagerNode n : current.getChildren()){
            i += countNodes(n);
        }
        return i;
    }

}



Regards,
Sreejith

Last edited by Sreejith S (2017-03-01 14:55:59)

Offline

#14 2017-03-01 15:33:40

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

I can see some problems in your script:
1. In your filter you are retrieving everything, so, probably, you would have to skip some entries. You can achieve this with a continue:

if(objectClass.contains("inetOrgPerson")) {
                        umNode = createOUNode(sr, parent);
                    } else if(objectClass.contains("posixAccount")) {
                        umNode = createUserNode(sr, parent);
                    } else if(objectClass.contains("top")){
                        umNode = createGroupNode(sr, parent);
                    } else continue;

2. Are you sure that your OUs are the "inetOrgPerson", and your groups the "top"? This doesn't make a lot of sense.
Better would be OU: posixGroup or group:posixGroup (depending on what you want to do with those groups).

3. You didn't change the getGuid() method , so it is trying to get the attribute "objectGUID", which is not an attribute in your LDAP installation. So you have to either manually add some similar UID attribute or get it from other attributes. It must be unique.

In resume, you have to compare the attributes you are using with the attributes in your LDAP installation.
Do you get more detailed logs ? (in the tomcat logs?)

Cheers,
Eduardo

Offline

#15 2017-03-01 16:17:17

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hi Eduardo ,

Could you please let me know how to echo message to the RS-Terminal from the groovy script. I mean any alternate for System.out.println() method.

Regards,
Sreejith

Offline

#16 2017-03-02 08:48:22

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

you can use:
tout.println('Hello World')

for printint in the terminal. tout stands for terminal output.

Cheers,
Eduardo

Offline

#17 2017-03-03 11:19:22

Sreejith S
Member
Registered: 2016-11-16

Re: Importing users using ldap

Hello Eduardo ,

Happy news is that now I'm able to hook both jumpcloud and local ldap server users. I really appreciate your assistance on this. I think the objectClass has did all the mismatch before, later I did a manaul ldapsearch on jumpcloud which came out with the object class "jumpcloudUser" and may I specifying this as one of the objectClass sorted things out.

Kind Regards,
Sreejith

Offline

#18 2021-05-07 11:32:51

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Importing users using ldap

Hi Sreejith,

pls note we published the ldaptester.groovy script here:
https://github.com/infofabrik/reportserver-samples/

which allows you to safely test your LDAP settings before importing them into the "real" ldapimport.groovy script (or ldap.cf configuration file).

Regards,
Eduardo

Offline

Board footer

Powered by FluxBB