LDAP Configuration issues

1
I'm trying to set up LDAP connectivity to AD to authenticate users but am having issues. I have tried to follow the instructions in the appstore:

- entered server as ldap://nnn.nnn.nnn.nnn (IP address)
- entered LDAP root directory: DC=mfad,DC=mfroot,DC=org
- checked the 'is AD' checkbox
- entered username (needed format of mfad\username) and password
- tried to save - received error about User Entity as required field...
- selected Message.Contact as User Entity, then saved configuration
- clicked 'Read LDAP' button

A progress bar is displayed for about 3 or 4 minutes, then an error is displayed: "Server error. An error has occured while handling the request"

The server log has the following entry:

2011-02-17 10:25:24.228 INFO - Ldap: Trying to authenticate mfad\gas01 with LDAP
2011-02-17 10:25:24.228 INFO - Ldap: User mfad\gas01 authenticated with LDAP
2011-02-17 10:29:10.997 ERROR - Connector: An error has occurred while handling the request. [User 'gswanton' with roles 'User, Segment01, Requester, Administrator, CMDBManager, ConfigSegment01']
2011-02-17 10:29:10.997 ERROR Connector com.mendix.core.CoreException: Exception occurred in action 'Microflow [Ldap.ReadLdapFlow]', all database changes executed by this action were rolled back
    at com.mendix.core.actionmanagement.CoreAction.d(SourceFile:553)
Caused by: com.mendix.core.CoreException: Exception occurred in microflow 'Ldap.ReadLdapFlow' for activity 'Call 'readLdap'', all database changes executed by this microflow were rolled back
    at kP.b(SourceFile:251)
Caused by: com.mendix.core.CoreException: java.util.NoSuchElementException: Attribute member has no value
    at it.b(SourceFile:167)
Caused by: java.util.NoSuchElementException: Attribute member has no value
    at javax.naming.directory.BasicAttribute.get(Unknown Source)
    at com.mendix.ldap.FullDirectoryAttributesMapper.mapFromAttributes(FullDirectoryAttributesMapper.java:25)
    at org.springframework.ldap.core.AttributesMapperCallbackHandler.getObjectFromNameClassPair(AttributesMapperCallbackHandler.java:61)
    at org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:276)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:548)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:532)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:383)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:406)
    at com.mendix.ldap.LdapModule.readChildren(LdapModule.java:299)
    at com.mendix.ldap.LdapModule.convertFromDirectory(LdapModule.java:268)
    at com.mendix.ldap.LdapModule.convertFromDirectory(LdapModule.java:269)
    at com.mendix.ldap.ReadRootDirectory.readDirectory(ReadRootDirectory.java:50)
    at com.mendix.ldap.ReadRootDirectory.readRoot(ReadRootDirectory.java:30)
    at com.mendix.ldap.LdapModule.readLDAP(LdapModule.java:111)
    at ldap.actions.ReadLdap.executeAction(ReadLdap.java:38)
    at ldap.actions.ReadLdap.executeAction(ReadLdap.java:20)
    at com.mendix.systemwideinterfaces.core.UserAction.execute(SourceFile:49)
    at com.mendix.core.actionmanagement.CoreAction.call(SourceFile:473)
    at it.b(SourceFile:155)
    at com.mendix.core.Core.execute(SourceFile:191)
    at hi.a(SourceFile:70)
    at kP.a(SourceFile:66)
    at eO.executeAction(SourceFile:96)
    at com.mendix.systemwideinterfaces.core.UserAction.execute(SourceFile:49)
    at com.mendix.core.actionmanagement.CoreAction.call(SourceFile:473)
    at it.b(SourceFile:155)
    at com.mendix.core.Core.execute(SourceFile:191)
    at dw.execute(SourceFile:183)
    at ju.a(SourceFile:299)
    at ju.a(SourceFile:230)
    at ju.processRequest(SourceFile:174)
    at fC.a(SourceFile:71)
    at com.mendix.core.MxRuntime.processRequest(SourceFile:916)
    at com.mendix.m2ee.server.handler.RuntimeHandler.handle(RuntimeHandler.java:42)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:334)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Unknown Source)

Can anyone advise me what the 'NoSuchElementException: Attribute member has no value' might mean?

Update: Following Erwin's comment I have tried some different LDAP root directory settings as follows:

DC=mfroot,DC=org - this immediately errors out:

Caused by: org.springframework.ldap.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'mfroot.org' ]; nested exception is javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'mfroot.org' ]; remaining name 'dc=mfroot,dc=org'

I then tried dc=mfad,dc=mfroot,dc=org which also errored out after a few minutes:

Caused by: com.mendix.core.CoreException: org.springframework.ldap.ServiceUnavailableException: mfadldap.mfad.mfroot.org:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: mfadldap.mfad.mfroot.org:389; socket closed; remaining name 'CN=MFADIR65,OU=Domain Controllers,DC=mfad,DC=mfroot,DC=org'
    at it.b(SourceFile:167)
Caused by: org.springframework.ldap.ServiceUnavailableException: mfadldap.mfad.mfroot.org:389; socket closed; nested exception is javax.naming.ServiceUnavailableException: mfadldap.mfad.mfroot.org:389; socket closed; remaining name 'CN=MFADIR65,OU=Domain Controllers,DC=mfad,DC=mfroot,DC=org'

I then tried ou=users,ou=mcr,dc=mfad,dc=mfroot,dc=org and the first time I tried this it errored out with a Java out of memory error after 10 mins. I increased the JVM size to 1536 and tried again. So far it has been reading LDAP for over an hour. I don't know whether it will eventually complete or just die.

Does this look like it might be a correct LDAP root to enter? Is this sort of timescale normal for this operation (there are somewhere over 45,000 user records in AD)?
asked
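The 'Attribute member has no value' message in the trace above is what javax.naming.directory.BasicAttribute.get() throws when an attribute is present on an entry but carries zero values, which is the shape an empty AD group's member attribute takes. The following is an added example, not code from the original post or from the Mendix LDAP module, that reproduces the failure offline with a constructed Attributes object and shows the defensive read: check the attribute's size() and iterate getAll() rather than calling get() on the first value. The class and method names (EmptyAttributeDemo, naiveFirstValue, safeValues) are hypothetical.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import java.util.ArrayList;
import java.util.List;
import java.util.NoSuchElementException;

public class EmptyAttributeDemo {

    // Constructed stand-in for a directory entry: a group whose 'member'
    // attribute exists but holds no values, as an empty AD group would return.
    static Attributes constructedGroupEntry() {
        Attributes attrs = new BasicAttributes(true); // ignoreCase, like LDAP attribute ids
        attrs.put(new BasicAttribute("cn", "EmptyGroup"));
        attrs.put(new BasicAttribute("member"));      // present, zero values
        return attrs;
    }

    // Naive mapper: calls get() unconditionally. For an empty attribute this throws
    // NoSuchElementException("Attribute member has no value"), the text seen in the log.
    static Object naiveFirstValue(Attributes attrs, String id) throws NamingException {
        return attrs.get(id).get();
    }

    // Defensive mapper: a missing or empty attribute becomes an empty list, and every
    // value is read, so multi-valued attributes such as 'member' are mapped in full.
    static List<String> safeValues(Attributes attrs, String id) throws NamingException {
        List<String> values = new ArrayList<>();
        Attribute attr = attrs.get(id);
        if (attr == null || attr.size() == 0) {
            return values;
        }
        NamingEnumeration<?> en = attr.getAll();
        try {
            while (en.hasMore()) {
                values.add(String.valueOf(en.next()));
            }
        } finally {
            en.close();
        }
        return values;
    }

    public static void main(String[] args) throws NamingException {
        Attributes entry = constructedGroupEntry();

        try {
            naiveFirstValue(entry, "member");
        } catch (NoSuchElementException e) {
            System.out.println("naive get() failed: " + e.getMessage());
        }

        System.out.println("cn      = " + safeValues(entry, "cn"));          // [EmptyGroup]
        System.out.println("member  = " + safeValues(entry, "member"));      // []
        System.out.println("missing = " + safeValues(entry, "description")); // []
    }
}
```

Compile and run with javac EmptyAttributeDemo.java && java EmptyAttributeDemo; it needs only the JDK. Any mapper that walks a whole subtree, as the Read LDAP action does, will eventually meet an entry with an empty multi-valued attribute, so the size check belongs in the mapper rather than in the choice of root DN.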
2 answers
2

Hi David,

I think it has to do with the fact that the selected root directory does not contain entries. I think I had the same issue, try setting the root directory to a higher level of the AD structure.

answered
2

The final version I tried (ou=users,ou=mcr,dc=mfad,dc=mfroot,dc=org) ran for about 2 hours, then the 'Reading LDAP' dialog closed with no message. No errors were reported in the log, but no LDAP structure was imported either.

The answer was to just be more patient. The operation (Read LDAP) completed about another hour later. I was then able to complete the rest of the configuration and turn on AD authentication successfully.

One further strange thing - the documentation says the Domain Suffix should be a concatenated version of the LDAP root fields. In my case this did not work and I had to use @mfad.mfroot.org.

The next stage is to import LDAP Groups - there are 32,000 of them in this AD tree... ;-(

answered
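The suffix the answer above settled on, @mfad.mfroot.org, is the DC components of the root DN DC=mfad,DC=mfroot,DC=org joined with dots, in left-to-right order. As an added example, not code from the original thread or from the Mendix module, the following derives that suffix from a DN with the JDK's own javax.naming.ldap.LdapName parser; note that LdapName.getRdns() lists RDNs from the root (rightmost) to the leaf, so the list is walked backwards. The class name DomainSuffixFromDn and the method name domainSuffix are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

public class DomainSuffixFromDn {

    // Builds a UPN-style suffix such as "@mfad.mfroot.org" from the DC components of a DN.
    // OU and CN components are ignored; a DN with no DC component is rejected.
    static String domainSuffix(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        List<Rdn> rdns = name.getRdns();   // index 0 is the rightmost RDN (DC=org)
        List<String> dcs = new ArrayList<>();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            if ("dc".equalsIgnoreCase(rdn.getType())) {
                dcs.add(String.valueOf(rdn.getValue()));
            }
        }
        if (dcs.isEmpty()) {
            throw new InvalidNameException("no DC components in " + dn);
        }
        return "@" + String.join(".", dcs);
    }

    public static void main(String[] args) throws InvalidNameException {
        // The three root DNs tried in the question; the first and third share a suffix,
        // the second (the forest root) yields a different one.
        String[] roots = {
            "DC=mfad,DC=mfroot,DC=org",                  // -> @mfad.mfroot.org
            "dc=mfroot,dc=org",                          // -> @mfroot.org
            "ou=users,ou=mcr,dc=mfad,dc=mfroot,dc=org"   // -> @mfad.mfroot.org
        };
        for (String r : roots) {
            System.out.println(r + "  ->  " + domainSuffix(r));
        }
    }
}
```

Run with javac DomainSuffixFromDn.java && java DomainSuffixFromDn. Using the real DN parser instead of string splitting keeps escaped commas inside an RDN value from being mistaken for separators.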