#1 2017-01-03 09:49:32

Frank Lee
Member
Registered: 2017-01-03

Synchronising Users.

Hi,

Is there a way to synchronise users created locally in our application with reportserver usersandgroups

Thank you

Offline

#2 2017-01-03 11:18:27

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

you can take a look at the LDAP synchronization if you have an LDAP server with your users/groups:

https://reportserver.net/en/guides/scri … sing-LDAP/
https://reportserver.net/blog/2013/08/0 … ntication/

Cheers,
Eduardo

Offline

#3 2017-01-03 13:34:57

Frank Lee
Member
Registered: 2017-01-03

Re: Synchronising Users.

Hi Eduardo,

Thanks For the reply,

I am in new in this, I have tried the solutions provided in the above links, but failed in executing ldapImport.groovy file,

getting following authentication error

*************************************

Script execution failed.
error message: javax.script.ScriptException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] (javax.naming.AuthenticationException)
script arguments:
file: ldapimport.groovy (id: 342341, line 457)
line number: 457 (68, 31)
line: loadFromDirectory();

*****************************************

Actually we are trying to set jumpcloud as a ldap service, for importing users from jumpcloud to reportserver. We have made the following changes in the groovy file

----------------------------------
lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
        lul.setSecurityPrincipal("DC=ldap,DC=jumpcloud,DC=com");
        lul.setSecurityCredentials("user-id");         
     
        lul.setLdapBase("UID=user-id,OU=Users,O=ORG_ID,DC=jumpcloud,DC=com");
--------------------------

Could you please help us to sort out this issue.

Regards
Frank

Offline

#4 2017-01-05 16:22:26

Frank Lee
Member
Registered: 2017-01-03

Re: Synchronising Users.

Hi  Eduardo,

Is there any other possible ways to sync users from an application without the use of LDAP Server?

Regards,
Frank

Offline

#5 2017-01-05 18:25:36

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

you could write a script that reads the users from your other system and creates these in reportserver if they don't exist. Do you need a periodic synchronization or a 1-time import?

Cheers,
Eduardo

Offline

#6 2017-01-06 09:03:27

Frank Lee
Member
Registered: 2017-01-03

Re: Synchronising Users.

Hi Eduardo,

We actually need a periodic synchronisation from our application to ReportServer.

Regards,
Frank

Offline

#7 2017-01-06 09:51:47

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

for this, we would recommend using LDAP, as it also offers synchronization (https://reportserver.net/en/guides/scri … sing-LDAP/).
If you don't want to use LDAP, you would have to write your own script (similar as ldapimport.groovy): https://reportserver.net/en/guides/scri … ortgroovy/

Regards,
Eduardo

Offline

#8 2017-01-11 13:51:51

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Frank Lee wrote:

----------------------------------
lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
        lul.setSecurityPrincipal("DC=ldap,DC=jumpcloud,DC=com");
        lul.setSecurityCredentials("user-id");         
     
        lul.setLdapBase("UID=user-id,OU=Users,O=ORG_ID,DC=jumpcloud,DC=com");
--------------------------

Could you please help us to sort out this issue.

Hi Frank,

have you been able to connect to the LDAP server? Or do you still got problems ?
lul.setSecurityCredentials("user-id");  // should contain your password. Is this correct ?
lul.setLdapBase("UID=user-id,OU=Users,O=ORG_ID,DC=jumpcloud,DC=com");  // the base directory where the users are going to be searched for. You can try with:
OU=Users,O=ORG_ID,DC=jumpcloud,DC=com
O=ORG_ID,DC=jumpcloud,DC=com
DC=jumpcloud,DC=com

Cheers,
Eduardo

Offline

#9 2017-01-11 14:15:59

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

in https://support.jumpcloud.com/customer/ … es/2439911 I read this:

Configuration Details and Supported Standards

Hostname: ldap.jumpcloud.com

URI: ldap://ldap.jumpcloud.com (clear text or STARTTLS) - OR -
        ldaps://ldap.jumpcloud.com (SSL)

Ports: 389 (clear text or STARTTLS) - OR -
           636 (SSL)

LDAPS Client Certificate: If required by your application, see JumpCloud LDAPS SSL Client Certificate

LDAP Distinguished Name: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Notes:
This value is found in the user details (See above screenshot)
Your application may not have a field called LDAP Distinguished Name, it may be referred to as the BindDN or may only have a 'username' field paired with a password. This is the correct value for that field

BaseDN: ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Note: This may also be referred to as SearchDN, Search Base or other similar terminology

So, according to this, your configuration should be:

lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
lul.setSecurityPrincipal("uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // replace LDAP_BINDING_USER and YOUR_ORG_ID with your account details
lul.setSecurityCredentials("******");    //your password
      
lul.setLdapBase("ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // again, replace YOUR_ORG_ID with your organization id

// if this doesn't work, you can try with:
lul.setLdapBase("o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // again, replace YOUR_ORG_ID with your organization id

Please let us know if this helps,

Cheers,
Eduardo

Offline

#10 2017-01-11 16:35:44

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

testing with jumpcloud I made the following modifications in order for the script to work:

1. Credentials:

lul.setProviderUrl("ldap://ldap.jumpcloud.com:389");
lul.setSecurityPrincipal("uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com"); // replace LDAP_BINDING_USER and YOUR_ORG_ID with your account details
lul.setSecurityCredentials("******");    //your password

2. change getGUID() in order to return something unique in the jumpcloud LDAP installation, e.g.:

private String getGuid(SearchResult sr) throws NamingException{
	return sr.getName().toString(); //you can also return a unique id analogously as the original script
}

3. change your filter:

private String ldapFilter = "(|(objectClass=organizationalUnit)(objectClass=person)(objectClass=posixGroup))";

4. change the username property:

//node.setUsername(getStringAttribute(sr, "sAMAccountName"));
node.setUsername(getStringAttribute(sr, "uid")); // set uid or any attribute you have identifying your username

This is working for me, I hope this helps.

Cheers,
Eduardo

Offline

#11 2017-01-11 16:45:42

wonky
Member
Registered: 2016-03-01

Re: Synchronising Users.

just noting that we have the same intention that Frank first posted.  Our thread is at https://forum.reportserver.net/viewtopi … 2891#p2891 - with Eduardo's help we're progressing.

Offline

#12 2021-05-07 11:36:05

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Synchronising Users.

Hi Frank,

pls note we published the ldaptester.groovy script here:
https://github.com/infofabrik/reportserver-samples/

which allows you to safely test your LDAP settings before importing them into the "real" ldapimport.groovy script (or ldap.cf configuration file).

Regards,
Eduardo

Offline

Board footer

Powered by FluxBB